Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

windows xp issues says TRI\CI.A trojan

Old 09-22-2010, 05:35 PM   #1
Registered Member
 
Join Date: May 2008
Posts: 37
OS: windows xp



panda detected this but will not do anything with it. My comp freezes up and constantly loses connection..........any help will be appreciated.

SandraHanyen
Old 09-23-2010, 11:03 AM   #2
Registered Member
 
Join Date: May 2008
Posts: 37
OS: windows xp



and before you ask......YES I still need help getting my comp to work.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Sandy Hanyen at 8:28:45.20 on Thu 09/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.319 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\DOCUME~1\SANDYH~1.SAN\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = global.acer.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sandy hanyen.sandy\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/astropop/popcaploader_v6.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sandyh~1.san\applic~1\mozilla\firefox\profiles\lk31ffii.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\sandy hanyen.sandy\application data\mozilla\firefox\profiles\lk31ffii.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\documents and settings\sandy hanyen.sandy\application data\mozilla\firefox\profiles\lk31ffii.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\sandy hanyen.sandy\application data\mozilla\firefox\profiles\lk31ffii.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\sandy hanyen.sandy\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-12 210216]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 151936]
S2 0032751242154509mcinstcleanup;McAfee Application Installer Cleanup (0032751242154509);c:\docume~1\sandyh~1\locals~1\temp\003275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\sandyh~1\locals~1\temp\003275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 BEHRINGER_2902;usb-audio.de driver for USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2010-7-1 340480]
S3 cpuz132;cpuz132;\??\c:\docume~1\sandyh~1.san\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\sandyh~1.san\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-12 96856]

=============== Created Last 30 ================

2010-09-23 11:42:36 0 ----a-w- c:\windows\system32\psnupd2.dat
2010-09-23 11:42:35 0 d-----w- c:\documents and settings\all users\HF_PCA_1.01.01.0003
2010-09-22 22:31:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 22:31:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 22:31:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 18:52:50 0 d-----w- c:\docume~1\sandyh~1.san\applic~1\SurfSecret Privacy Suite
2010-09-22 18:52:24 0 d-----w- c:\docume~1\sandyh~1.san\applic~1\pandasecuritytb
2010-09-22 18:52:13 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-09-20 13:27:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-09-20 13:20:20 0 d-----w- c:\docume~1\sandyh~1.san\applic~1\DriverCure
2010-09-20 13:20:19 0 d-----w- c:\docume~1\sandyh~1.san\applic~1\ParetoLogic
2010-09-20 13:20:00 0 d-----w- c:\program files\ParetoLogic
2010-09-20 13:20:00 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-20 13:14:32 0 d-----w- c:\program files\Microsoft
2010-09-20 13:12:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-08-31 05:43:42 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2010-08-31 05:43:42 0 d-----w- c:\program files\Cool Timer
2010-08-26 03:19:18 0 d-----w- c:\program files\CCleaner
2010-08-26 03:18:51 0 d-----w- c:\program files\Defraggler

==================== Find3M ====================

2010-09-04 21:45:58 55728 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2009-12-18 21:12:26 385 ----a-w- c:\program files\common files\tempeml.html
2006-05-31 14:14:50 108056 ----a-w- c:\program files\common files\secman.dll
2006-03-12 00:09:30 626176 ----a-w- c:\program files\common files\osmax.ocx
2008-08-15 17:51:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-03-13 10:48:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031320090314\index.dat
2009-12-31 15:45:50 18040096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-31 15:45:51 666912 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 8:29:26.39 ===============
Attached files: ark.zip, Attach.zip

SandraHanyen
Old 09-24-2010, 12:43 PM   #3
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit



Welcome to TSF :)

Please uninstall either Bitdefender or Panda Cloud, because it's not recommended to run two antivirus programs. This can cause system crashes.


Please download Malwarebytes' Anti-Malware from Here.



Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


====================================

  • Download OTL.exe to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Microsoft MVP - Consumer Security 2007-2010
sjpritch25
Old 09-24-2010, 02:34 PM   #4
Registered Member
 
Join Date: May 2008
Posts: 37
OS: windows xp



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/24/2010 5:19:54 PM
mbam-log-2010-09-24 (17-19-54).txt

Scan type: Quick scan
Objects scanned: 133127
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 9/24/2010 5:23:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 505.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 121.24 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.97 Gb Free Space | 25.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY
Current User Name: Sandy Hanyen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
PRC - [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/07/18 00:26:49 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
MOD - [2008/04/14 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\SANDYH~1\LOCALS~1\Temp\003275~1.EXE -- (0032751242154509mcinstcleanup) McAfee Application Installer Cleanup (0032751242154509)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SANDYH~1.SAN\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SANDYH~1.SAN\LOCALS~1\Temp\bdtempdir01\bdselfpr.sys -- (bdselfpr)
DRV - [2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 16:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 05:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/24 21:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 0340 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 0340 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [1999/09/10 1200 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1601/01/01 00:00:00 | 000,340,480 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_cus...spx?tbid=80229
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = global.acer.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: DefaultManager@Microsoft:2.1
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 21:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 21:30:29 | 000,000,000 | ---D | M]

[2010/06/14 18:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Extensions
[2010/06/14 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/24 16:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions
[2010/08/21 01:16:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/09/21 21:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\DefaultManager@Microsoft
[2010/06/16 13:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\translator@dontfollowme.net
[2010/09/22 19:18:37 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\searchplugins\bing.xml
[2010/09/21 21:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 21:30:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/14 18:59:59 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/14 19:00:00 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/14 19:00:01 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/09/14 16:41:42 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/14 16:41:42 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 16:41:42 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 16:41:42 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/14 16:41:42 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 16:41:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 16:41:42 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/23 10:52:34 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [7D5B765234DA1A58E8678A64464448C0] C:\Program Files\Common Files\BitDefender\SetupInformation\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\setuplauncher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sd...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/a...ploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/09/24 17:20:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/24 16:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\QuickScan
[2010/09/24 16:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/24 16:51:45 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/09/24 16:51:44 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/09/24 16:51:44 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/09/22 18:31:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/22 18:31:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/22 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/22 18:31:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\mbam-setup-1.46.exe
[2010/09/22 18:05:35 | 000,493,056 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/22 14:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\SurfSecret Privacy Suite
[2010/09/22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Recent
[2010/09/21 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/21 21:27:36 | 008,534,336 | ---- | C] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.10.exe
[2010/09/21 20:52:07 | 000,567,616 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ChromeSetup.exe
[2010/09/20 09:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/20 09:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\DriverCure
[2010/09/20 09:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\ParetoLogic
[2010/09/20 09:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/09/20 09:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 09:19:17 | 005,057,776 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ParetoLogic PC Health Advisor.exe
[2010/09/20 09:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/20 09:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/20 09:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/09/20 09:10:20 | 001,046,736 | ---- | C] (Driver Whiz ) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Driverwhiz.exe
[2010/09/06 19:49:55 | 002,788,816 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\install_flash_player.exe
[2010/09/04 13:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/31 01:43:42 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll
[2010/08/31 01:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cool Timer
[2010/08/31 01:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\EIPC
[2010/08/30 00:16:17 | 008,573,648 | ---- | C] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.8.exe
[2010/08/27 22:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\OTHER SERVERS
[2010/08/25 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/25 23:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/08/25 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/25 23:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/08/25 23:18:00 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:38 | 003,427,712 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:48 | 004,236,112 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:15:50 | 002,516,960 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe
[2006/05/31 10:14:50 | 000,108,056 | ---- | C] (MAPILab Ltd. & Afalina Co. Ltd.) -- C:\Program Files\Common Files\secman.dll
[2006/03/11 20:09:30 | 000,626,176 | ---- | C] (Afalina Co., Ltd.) -- C:\Program Files\Common Files\osmax.ocx

========== Files - Modified Within 30 Days ==========

[2010/09/24 17:07:09 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/24 1714 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/24 1705 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/24 1700 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 17:05:56 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/24 17:05:04 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT
[2010/09/24 17:05:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\ntuser.ini
[2010/09/24 17:04:57 | 006,741,700 | -H-- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\IconCache.db
[2010/09/24 17:04:53 | 000,033,468 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/24 16:59:03 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/24 16:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/23 20:59:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/23 17:00:09 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 17:00:08 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/23 13:51:10 | 000,003,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/22 18:31:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 1801 | 000,493,056 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/21 21:30:33 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 20:53:39 | 000,567,616 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ChromeSetup.exe
[2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/20 09:12:59 | 000,061,376 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 14:21:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/14 19:00:15 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.10.exe
[2010/09/11 09:38:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/06 19:50:17 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\install_flash_player.exe
[2010/09/04 17:45:58 | 000,055,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 13:45:22 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/04 1244 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/01 09:32:16 | 001,161,408 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/09/01 08:31:12 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/30 00:18:06 | 008,573,648 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.8.exe
[2010/08/26 10:37:31 | 000,006,104 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/08/25 23:18:44 | 003,795,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:52 | 004,236,112 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:17:52 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:05 | 002,516,960 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe

========== Files Created - No Company Name ==========

[2010/09/24 16:51:42 | 000,033,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/23 13:51:05 | 000,003,854 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/23 08:32:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\gmer-1.zip
[2010/09/23 08:30:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\gmer.zip
[2010/09/23 08:28:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dds.scr
[2010/09/22 18:31:49 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 14:36:06 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\PandaCloudAntivirus-1.exe
[2010/09/22 14:21:24 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\PandaCloudAntivirus.exe
[2010/09/21 21:30:33 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 20:58:11 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/21 20:58:11 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/21 20:54:02 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/21 20:54:00 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/04 13:45:22 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/04 13:45:22 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/01 23:29:09 | 001,161,408 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/08/26 10:37:29 | 000,006,104 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/07/05 15:04:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/01/09 03:48:15 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 17:12:21 | 000,000,385 | ---- | C] () -- C:\Program Files\Common Files\tempeml.html
[2009/11/04 16:48:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/03/18 10:45:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2009/03/15 11:47:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/15 16:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 12:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 01:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/13 11:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 18:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 10:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 05:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 05:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 05:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 05:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2001/02/03 03:22:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2001/02/03 01:59:28 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2000/04/27 09:28:26 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1999/12/02 17:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1999/09/22 02:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1999/05/24 04:37:44 | 000,347,648 | ---- | C] () -- C:\WINDOWS\System32\OMNIOR~1.DLL
[1999/05/24 04:37:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\OMNITH~1.DLL

========== LOP Check ==========

[2010/07/06 23:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2010/09/24 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/20 09:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/05/14 01:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/15 21:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2009/12/29 0329 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/07/27 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/09/20 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 09:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/30 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/24 22:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/08 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/08 01:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\.purple
[2010/05/15 12:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Auslogics
[2010/05/06 10:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/09/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\DriverCure
[2010/05/15 12:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\GlarySoft
[2010/02/07 23:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\gtk-2.0
[2010/01/23 02:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\IObit
[2010/07/19 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Opera
[2010/06/27 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Panda Security
[2010/09/20 09:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\ParetoLogic
[2010/09/24 16:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\QuickScan
[2010/09/22 14:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\SurfSecret Privacy Suite
[2010/03/23 01:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Uniblue
[2010/01/06 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Unity
[2010/07/01 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves
[2010/07/01 20:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves Preferences
[2010/01/03 11:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Windows Desktop Search
[2010/01/03 11:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/15 13:37:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/24 23:24:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/08/15 13:37:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/24 17:05:56 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/15 13:37:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/18 10:59:53 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/08/15 13:37:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 23:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/24 17:05:53 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2009/09/03 10:16:48 | 000,000,000 | ---- | M] () -- C:\pcconf.ini
[2009/09/03 10:16:48 | 000,000,000 | ---- | M] () -- C:\pcwords.dat
[2009/09/03 10:16:48 | 000,000,000 | ---- | M] () -- C:\pcwords2.dat
[2009/09/03 10:16:48 | 000,000,000 | ---- | M] () -- C:\pc_sign.slf
[2008/08/15 16:42:52 | 000,000,080 | ---- | M] () -- C:\Preload.aaa
[1999/11/11 03:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/15 06:29:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/15 06:29:32 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/15 06:29:32 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys
[2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\system32\drivers\Trufos.sys

========== Files - Unicode (All) ==========
[2009/11/08 09:10:25 | 000,000,050 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/11/08 09:10:25 | 000,000,050 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|pctlsp.log
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF
< End of report >
----------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 9/24/2010 5:23:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 505.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 121.24 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.97 Gb Free Space | 25.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY
Current User Name: Sandy Hanyen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = Acer Crystal Eye webcam
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{80EFBB50-5B6C-4A9D-AFBC-C7664AFF252F}" = Digital Voice Recorder
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2713384-7398-43E9-9D43-565B3A7FEFEE}" = Security Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B21C4052-EA4C-5603-7319-4E0AE117DAD7}" = Zoodles
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam
"8775AEB6-B596-4e0e-B7DA-2B5F4ED4215F_is1" = DownloadX Free 1.1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Cool Timer_is1" = Cool Timer 3.6
"Defraggler" = Defraggler
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2010 1:19:52 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\HF_PCA_1.01.01.0003\PSANMODCTRLCFG.DLL>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 9/24/2010 1:19:55 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\HF_PCA_1.01.01.0003\PSANMODSCHEDULER.DLL>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 9/24/2010 1:19:55 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\HF_PCA_1.01.01.0003\PSNCDSEX.DLL>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 9/24/2010 1:20:03 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/24/2010 1:20:05 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE HELP.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/24/2010 1:20:06 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 9/24/2010 4:00:49 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/24/2010 4:00:49 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE HELP.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 9/24/2010 4:00:50 PM | Computer Name = SANDY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 9/24/2010 4:04:16 PM | Computer Name = SANDY | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.17.8, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 9/23/2010 3:27:18 PM | Computer Name = SANDY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 9/24/2010 1:19:12 PM | Computer Name = SANDY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 9/24/2010 3:59:47 PM | Computer Name = SANDY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 9/24/2010 4:13:56 PM | Computer Name = SANDY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 9/24/2010 507 PM | Computer Name = SANDY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3


< End of report >
__________________
SandraHanyen
Old 09-24-2010, 05:48 PM   #5
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = global.acer.com
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p="
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [7D5B765234DA1A58E8678A64464448C0] C:\Program Files\Common Files\BitDefender\SetupInformation\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\setuplauncher.exe ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    :services
    0032751242154509mcinstcleanup
    cpuz132
    bdselfpr
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

How is everything running???
__________________

Microsoft MVP - Consumer Security 2007-2010
sjpritch25
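Two items in the fix script above are the ones a defender should understand rather than just paste: the IE `ProxyServer` value pointing at `127.0.0.1:5643` (a proxy on the machine itself, which would put every IE request through a local process if `ProxyEnable` were turned back on), and the O2/O3 browser add-on entries whose registered component is reported as `File not found` or `No CLSID value found`. The following is an added example, not part of the forum post or of the OTL tool; it parses OTL-style `IE -`, `O2 -` and `O3 -` lines as they appear in this thread (the line formats are an assumption based on the log), flags a loopback proxy, and lists add-on registrations whose file is gone. The sample lines are copied from the fix script in the post.

```python
"""Flag a loopback IE proxy and orphaned BHO/toolbar entries in OTL-style log lines.

Added example for this thread; it is not part of the forum post or of the
OTL tool. The regexes assume the line formats OTL prints for Internet
Explorer proxy settings and for O2 (BHO) / O3 (toolbar) entries.
"""
import re
from ipaddress import ip_address

# OTL form:  IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
# OTL form:  O2 - BHO: (Name) - {CLSID} - <path or error text>
ADDON_RE = re.compile(
    r'^O[23] - .*?: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$')
# Trailing text OTL uses when the registered component no longer exists.
ORPHAN_MARKERS = ('File not found', 'No CLSID value found')

# Constructed sample: the relevant lines from the fix script in the thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
"""


def proxy_hosts(value):
    """Split a ProxyServer value into host names.

    Handles the single form 'host:port' and the per-protocol form
    'http=host:port;https=host:port'. Bracketed IPv6 literals are unwrapped.
    """
    hosts = []
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        if '=' in entry:                      # per-protocol form: http=host:port
            entry = entry.split('=', 1)[1]
        if entry.startswith('[') and ']' in entry:   # [::1]:8080
            host = entry[1:entry.index(']')]
        else:
            host = entry.rsplit(':', 1)[0] if ':' in entry else entry
        hosts.append(host)
    return hosts


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def analyze(lines):
    """Return the IE proxy state and add-on entries whose component is missing."""
    proxy = {}
    orphaned = []
    for line in lines:
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy[m.group('key')] = m.group('value').strip()
            continue
        m = ADDON_RE.match(line)
        if m and any(marker in m.group('rest') for marker in ORPHAN_MARKERS):
            orphaned.append((m.group('clsid'), m.group('name')))
    server = proxy.get('ProxyServer', '')
    return {
        'proxy_server': server,
        # ProxyEnable = 0 means IE is not using the proxy right now; a loopback
        # ProxyServer left behind is still residue worth clearing, as the fix does.
        'proxy_enabled': proxy.get('ProxyEnable', '0') != '0',
        'loopback_proxy': [h for h in proxy_hosts(server) if is_loopback(h)],
        'orphaned_addons': orphaned,
    }


if __name__ == '__main__':
    result = analyze(SAMPLE_LOG.splitlines())
    if result['loopback_proxy']:
        state = 'enabled' if result['proxy_enabled'] else 'currently disabled'
        print(f"loopback proxy {result['proxy_server']!r} ({state})")
    for clsid, name in result['orphaned_addons']:
        print(f"orphaned add-on registration {clsid} ({name})")
```

Run against the sample it reports the disabled loopback proxy and the three add-on registrations with no file behind them, which is exactly the set the fix script clears; the McAfee entry, whose DLL is present, is not flagged. On a live machine the same two checks map to the `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` values and the BHO/toolbar CLSIDs, so the script doubles as a checklist for confirming the fix took after the reboot.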
Old 09-24-2010, 07:35 PM   #6
Registered Member
 
Join Date: May 2008
Posts: 37
OS: windows xp



OTL logfile created on: 9/24/2010 10:21:17 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 677.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 121.73 Gb Free Space | 84.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY
Current User Name: Sandy Hanyen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/24 22:19:32 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
MOD - [2008/04/14 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr)
DRV - [2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 16:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 05:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/24 21:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 0340 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 0340 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [1999/09/10 1200 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1601/01/01 00:00:00 | 000,340,480 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_cus...spx?tbid=80229
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: DefaultManager@Microsoft:2.1
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 21:30:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 21:30:29 | 000,000,000 | ---D | M]

[2010/06/14 18:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Extensions
[2010/09/24 16:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions
[2010/08/21 01:16:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/09/21 21:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\DefaultManager@Microsoft
[2010/06/16 13:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\extensions\translator@dontfollowme.net
[2010/09/22 19:18:37 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Mozilla\Firefox\Profiles\lk31ffii.default\searchplugins\bing.xml
[2010/09/21 21:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/23 10:52:34 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sd...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/a...ploader_v6.cab (PopCapLoader Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/24 22:17:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/24 17:20:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/24 16:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\QuickScan
[2010/09/24 16:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/24 16:51:45 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/09/24 16:51:44 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/09/24 16:51:44 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/09/22 18:31:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/22 18:31:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/22 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/22 18:31:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\mbam-setup-1.46.exe
[2010/09/22 18:05:35 | 000,493,056 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/22 14:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\SurfSecret Privacy Suite
[2010/09/22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Recent
[2010/09/21 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/20 09:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/20 09:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\DriverCure
[2010/09/20 09:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\ParetoLogic
[2010/09/20 09:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/09/20 09:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 09:19:17 | 005,057,776 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ParetoLogic PC Health Advisor.exe
[2010/09/20 09:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/20 09:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/20 09:10:20 | 001,046,736 | ---- | C] (Driver Whiz ) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Driverwhiz.exe
[2010/09/04 13:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/31 01:43:42 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll
[2010/08/31 01:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cool Timer
[2010/08/31 01:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\EIPC
[2010/08/27 22:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\OTHER SERVERS
[2010/08/25 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/25 23:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/08/25 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/25 23:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/08/25 23:18:00 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:38 | 003,427,712 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:48 | 004,236,112 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:15:50 | 002,516,960 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe
[2010/07/30 15:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Zoodles
[2010/07/27 09:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/07/21 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\oahasngmx
[2010/07/19 01:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\jim
[2010/07/18 23:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Opera
[2010/07/18 23:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Opera
[2010/07/18 23:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/14 03:03:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/07 00:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\HCS
[2010/07/06 23:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\4D
[2010/07/05 15:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/07/01 20:47:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\usb-audio.deBehringer2902
[2010/07/01 20:46:30 | 000,340,480 | ---- | C] (BEHRINGER) -- C:\WINDOWS\System32\drivers\BUSB2902.sys
[2010/07/01 20:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves
[2010/07/01 20:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves Preferences
[2010/06/27 20:19:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 16:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Panda Security
[2010/06/27 16:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2006/05/31 10:14:50 | 000,108,056 | ---- | C] (MAPILab Ltd. & Afalina Co. Ltd.) -- C:\Program Files\Common Files\secman.dll
[2006/03/11 20:09:30 | 000,626,176 | ---- | C] (Afalina Co., Ltd.) -- C:\Program Files\Common Files\osmax.ocx

========== Files - Modified Within 90 Days ==========

[2010/09/24 22:19:23 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/24 22:19:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/24 22:19:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 22:19:02 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/24 22:18:14 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT
[2010/09/24 22:18:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\ntuser.ini
[2010/09/24 21:59:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/24 21:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/24 20:59:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/24 19:56:36 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/24 19:08:08 | 006,743,880 | -H-- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\IconCache.db
[2010/09/24 17:04:53 | 000,033,468 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/23 17:00:09 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 17:00:08 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/23 13:51:10 | 000,003,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/22 18:31:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 1801 | 000,493,056 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/21 21:30:33 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/20 09:12:59 | 000,061,376 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 14:21:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/11 09:38:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/04 17:45:58 | 000,055,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 13:45:22 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/04 1244 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/01 09:32:16 | 001,161,408 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/09/01 08:31:12 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/26 10:37:31 | 000,006,104 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/08/25 23:18:44 | 003,795,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:52 | 004,236,112 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:17:52 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:05 | 002,516,960 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe
[2010/08/25 12:20:38 | 005,057,776 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ParetoLogic PC Health Advisor.exe
[2010/08/23 01:52:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/22 01:18:45 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT.gbck
[2010/08/11 21:56:26 | 000,577,310 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 21:56:26 | 000,494,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 21:56:26 | 000,091,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/01 15:17:12 | 000,029,509 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\!By5gkFg!Wk~$(KGrHqEOKjkE)MkZri+yBMTq1IypSQ~~_12.JPG
[2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2010/07/23 09:30:58 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 16:32:54 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.FPT
[2010/07/16 01:31:39 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.DBF
[2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/07/05 15:04:31 | 000,000,034 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/06/28 07:45:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2010/09/24 16:51:42 | 000,033,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/23 13:51:05 | 000,003,854 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/23 08:32:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\gmer-1.zip
[2010/09/23 08:30:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\gmer.zip
[2010/09/23 08:28:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dds.scr
[2010/09/22 18:31:49 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 14:36:06 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\PandaCloudAntivirus-1.exe
[2010/09/22 14:21:24 | 000,242,176 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\PandaCloudAntivirus.exe
[2010/09/21 21:30:33 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 20:58:11 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/21 20:58:11 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/21 20:54:02 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/21 20:54:00 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/04 13:45:22 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/04 13:45:22 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/01 23:29:09 | 001,161,408 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/08/26 10:37:29 | 000,006,104 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/08/01 15:17:12 | 000,029,509 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\!By5gkFg!Wk~$(KGrHqEOKjkE)MkZri+yBMTq1IypSQ~~_12.JPG
[2010/07/21 17:21:07 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 23:43:57 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/16 01:29:26 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.FPT
[2010/07/16 01:29:26 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.DBF
[2010/07/05 15:04:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/01/09 03:48:15 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 17:12:21 | 000,000,385 | ---- | C] () -- C:\Program Files\Common Files\tempeml.html
[2009/11/04 16:48:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/03/18 10:45:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2009/03/15 11:47:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/15 16:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 12:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 01:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/13 11:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 18:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 10:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 05:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 05:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 05:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 05:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 05:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2001/02/03 03:22:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2001/02/03 01:59:28 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2000/04/27 09:28:26 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1999/12/02 17:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1999/09/22 02:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1999/05/24 04:37:44 | 000,347,648 | ---- | C] () -- C:\WINDOWS\System32\OMNIOR~1.DLL
[1999/05/24 04:37:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\OMNITH~1.DLL

========== LOP Check ==========

[2010/07/06 23:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2010/09/24 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/05/14 01:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/15 21:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2009/12/29 0329 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/07/27 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/09/20 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 09:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/30 16:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/24 22:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/08 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/08 01:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\.purple
[2010/05/15 12:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Auslogics
[2010/05/06 10:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/09/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\DriverCure
[2010/05/15 12:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\GlarySoft
[2010/02/07 23:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\gtk-2.0
[2010/01/23 02:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\IObit
[2010/07/19 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Opera
[2010/06/27 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Panda Security
[2010/09/20 09:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\ParetoLogic
[2010/09/24 16:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\QuickScan
[2010/09/22 14:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\SurfSecret Privacy Suite
[2010/03/23 01:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Uniblue
[2010/01/06 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Unity
[2010/07/01 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves
[2010/07/01 20:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves Preferences
[2010/01/03 11:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Windows Desktop Search
[2010/01/03 11:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Windows Search

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/11/08 09:10:25 | 000,000,050 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/11/08 09:10:25 | 000,000,050 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|pctlsp.log
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF
< End of report >

[2010/09/24 22:20:41 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\ntuser.dat.LOG
[2010/09/24 22:19:23 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/24 22:19:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/24 22:19:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 22:18:14 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT
[2010/09/24 22:18:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\ntuser.ini
[2010/09/24 22:15:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Recent
[2010/09/24 21:59:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/24 21:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/24 20:59:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/24 19:56:36 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/24 19:08:08 | 006,743,880 | -H-- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\IconCache.db
[2010/09/24 18:26:39 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/09/24 17:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\desktop
[2010/09/24 17:28:52 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents
[2010/09/24 17:04:53 | 000,033,468 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/24 16:56:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data
[2010/09/24 16:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\QuickScan
[2010/09/24 16:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\BitDefender
[2010/09/24 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/24 16:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/09/23 17:00:09 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 17:00:08 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/23 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Temp
[2010/09/23 13:51:10 | 000,003,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/22 18:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/22 18:31:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 18:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/09/22 18:26:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/09/22 18:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Microsoft
[2010/09/22 18:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/09/22 1817 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Cookies
[2010/09/22 1801 | 000,493,056 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/22 14:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\SurfSecret Privacy Suite
[2010/09/21 21:30:33 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 21:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/21 20:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Google
[2010/09/21 20:53:39 | 000,567,616 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ChromeSetup.exe
[2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/20 09:40:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/09/20 09:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/09/20 09:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/20 09:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/20 09:25:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/09/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\DriverCure
[2010/09/20 09:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\ParetoLogic
[2010/09/20 09:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2010/09/20 09:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/20 09:14:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/09/20 09:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/09/20 09:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2010/09/20 09:12:59 | 000,061,376 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 14:21:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/14 19:00:15 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.10.exe
[2010/09/11 09:38:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/11 09:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/09/06 19:50:17 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\install_flash_player.exe
[2010/09/06 18:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/04 17:45:58 | 000,055,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Apple Computer
[2010/09/04 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Apple Computer
[2010/09/04 13:45:22 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/04 13:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/09/04 13:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/04 1244 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/01 09:32:16 | 001,161,408 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/09/01 08:31:12 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/31 17:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Unity
[2010/08/31 01:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Cool Timer
[2010/08/31 01:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\EIPC
[2010/08/30 00:18:06 | 008,573,648 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.8.exe
[2010/08/26 10:37:31 | 000,006,104 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/08/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/25 23:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Recuva
[2010/08/25 23:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2010/08/25 23:18:44 | 003,795,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:52 | 004,236,112 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:17:52 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:05 | 002,516,960 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe
[2010/08/25 17:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\HCS
[2010/08/25 17:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/25 17:00:35 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Start Menu
[2010/08/25 13:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/24 22:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/22 01:18:45 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT.gbck
[2010/08/12 17:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/11 21:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/11 21:47:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/30 15:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\Zoodles
[2010/07/27 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/07/23 09:30:58 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 21:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\PC Tools
[2010/07/21 17:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\oahasngmx
[2010/07/19 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Opera
[2010/07/19 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Opera
[2010/07/17 16:32:54 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.FPT
[2010/07/16 01:31:39 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\FOXUSER.DBF
[2010/07/10 17:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Cooliris
[2010/07/10 15:27:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\NetHood
[2010/07/06 23:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2010/07/01 20:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves Preferences
[2010/07/01 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Waves
[2010/06/27 17:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Macromedia
[2010/06/27 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Panda Security
[2010/06/27 14:23:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft
[2010/06/27 08:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/27 08:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\Adobe
[2009/12/18 17:12:26 | 000,000,385 | ---- | M] () -- C:\Program Files\Common Files\tempeml.html
[2008/08/15 06:30:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\desktop.ini
[2008/08/15 06:30:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/05/31 10:14:50 | 000,108,056 | ---- | M] (MAPILab Ltd. & Afalina Co. Ltd.) -- C:\Program Files\Common Files\secman.dll
[2006/03/11 20:09:30 | 000,626,176 | ---- | M] (Afalina Co., Ltd.) -- C:\Program Files\Common Files\osmax.ocx

========== Files - Modified Within 90 Days ==========

[2010/09/24 22:19:23 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/24 22:19:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/24 22:19:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 22:19:02 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/24 22:18:14 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\NTUSER.DAT
[2010/09/24 22:18:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\ntuser.ini
[2010/09/24 21:59:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006UA.job
[2010/09/24 21:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/24 20:59:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258711552-1277269827-2310770164-1006Core.job
[2010/09/24 19:56:36 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/24 19:08:08 | 006,743,880 | -H-- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\IconCache.db
[2010/09/24 17:04:53 | 000,033,468 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/09/23 17:00:09 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/23 17:00:08 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Google Chrome.lnk
[2010/09/23 13:51:10 | 000,003,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\Attach.zip
[2010/09/23 13:50:39 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ark.zip
[2010/09/22 18:31:49 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 1801 | 000,493,056 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\STOPzilla_Setup.exe
[2010/09/21 21:30:33 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:30:32 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/21 20:53:39 | 000,567,616 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\Desktop\ChromeSetup.exe
[2010/09/21 09:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\OTL.exe
[2010/09/20 09:12:59 | 000,061,376 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 14:21:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/14 19:00:15 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.10.exe
[2010/09/11 09:38:00 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/06 19:50:17 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\install_flash_player.exe
[2010/09/04 17:45:58 | 000,055,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/04 13:45:22 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/04 1244 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/01 09:32:16 | 001,161,408 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\IM000611.jpg
[2010/09/01 08:31:12 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/30 00:18:06 | 008,573,648 | ---- | M] (Mozilla) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\Firefox Setup 3.6.8.exe
[2010/08/26 10:37:31 | 000,006,104 | ---- | M] () -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\cc_20100826_103726.reg
[2010/08/25 23:18:44 | 003,795,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\rcsetup138.exe
[2010/08/25 23:17:52 | 004,236,112 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\dfsetup121.exe
[2010/08/25 23:17:52 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\ccsetup235.exe
[2010/08/25 23:16:05 | 002,516,960 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy Hanyen.SANDY\My Documents\spsetup104.exe

< End of report >
Old 09-24-2010, 07:52 PM   #7
sjpritch25
Security Team Analyst
Microsoft Most Valuable Professional
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit

How is everything running?
__________________
Microsoft MVP - Consumer Security 2007-2010
Old 09-25-2010, 05:54 AM   #8
SandraHanyen
Registered Member

It was still acting goofy last night and doing the same thing, but I will give it the rest of the day and see if it changes any. I will definitely let you know one way or another.
Old 09-25-2010, 05:58 PM   #9
SandraHanyen
Registered Member

Nope, it is still running the same... only now it disconnects less but seems to freeze up more. Any other suggestions for what I can do?
Old 09-26-2010, 07:24 AM   #10
SandraHanyen
Registered Member

Now whenever I play any kind of music I get blue-screened. And I know that is not going to be good in the long run. I am lost as to what to do.
Old 09-26-2010, 10:30 AM   #11
sjpritch25
Security Team Analyst

Please navigate to this folder: C:\WINDOWS\minidump
Please attach the three latest memory dumps. That might help me figure out your problems.
Old 09-29-2010, 05:02 AM   #12
SandraHanyen
Registered Member

Well, I did a search and it does not show a folder at that location like you asked for, so I could not attach it. Is it possible it has a different name?
Old 09-29-2010, 02:05 PM   #13
sjpritch25
Security Team Analyst

See if there is one located here: C:\memory.dmp

Attach it if found. Thanks.
Old 09-30-2010, 08:27 PM   #14
SandraHanyen
Registered Member

Okay, this is what I got.
Attached file: minidumps.zip (402 Bytes)
Old 10-01-2010, 07:45 AM   #15
sjpritch25
Security Team Analyst

That's not the correct file. It should have a .mdp extension. Did you see one at all?
Old 10-01-2010, 02:27 PM   #16
SandraHanyen
Registered Member

No, that is the only file we found. I have made several searches and there are no others.
Old 10-01-2010, 03:42 PM   #17
sjpritch25
Security Team Analyst

Go to Start ---> Run ---> type chkdsk c: /r and press Enter. If prompted that you will need to run chkdsk on reboot, click Yes.

Let me know if that makes a difference.
Old 10-03-2010, 07:52 AM   #18
SandraHanyen
Registered Member

It did not say anything unusual and went right through. I have removed a lot of stuff on the comp in case it crashed, and I am hoping I have not removed anything crucial... but it seems to be running a bit better. Safari was one of the things I did remove, although I would love to have it back. One of the massive issues I do see... is that it says I have no virus protection now, although before it said I had Panda and BitDefender, and I could not find BitDefender anywhere on the comp and it was not in Add and Remove Programs. So I deleted the Panda... but now in the scans it shows BitDefender, although I am unable to find it anywhere on my comp other than a BitDefender that is quarantined, so I can't do anything with it. So I am unsure of exactly what to do as far as a virus program. Any ideas on that?
Old 10-03-2010, 10:23 AM   #19
sjpritch25
Security Team Analyst

That is a problem in Windows WMI, not a big deal. You do need to get an AV installed, though.
Old 10-04-2010, 05:37 PM   #20
SandraHanyen
Registered Member

Okay, well, I finally got an AV installed and ran it, though no problems were found... I am wondering if maybe it may have something to do with my wireless connection settings themselves, if possible?
Copyright 2001 - 2014, Tech Support Forum