« previous next »
Pages: [1] 2

Author Topic: Microsoft .net (509) Bandwidth error keeps popping up  (Read 2826 times)

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« on: June 27, 2010, 07:11:06 PM »
Hello Guestolo,

Working on my neighbor's PC this time.

The system is kind of useable but for a while there this pop up about an error in Microsoft net comes up repeatedly.  You can close it but it keeps coming back.

I'm also unable to run Firefox.  Some weird error comes up that has XUL Runner in the dialog box.

Something keeps taking control of the cursor too.

Here's my highjack this log.

Let me know what to do next please.

Thank you,
Dale

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:30 PM, on 6/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Patricia\LOCALS~1\Temp\sWv5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\QOG7vSLf.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Patricia\ddaqaei6.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F1 - win.ini: load= C:\RECYCLER\dwin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\Documents and Settings\Patricia\Application Data\recyclerr\recyclerr.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\Patricia\LOCALS~1\Temp\sWv5.exe
O4 - HKLM\..\Run: [Live Messenger] C:\Documents and Settings\Patricia\Application Data\sikggpc.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [HERNANDEZ] C:\WINDOWS\system32\systemcfg.exe
O4 - HKLM\..\Run: [Windows Security Protocol] C:\WINDOWS\TEMP\svchost.exe
O4 - HKLM\..\Run: [Directory Statistics] C:\WINDOWS\system32\dirstat32.exe
O4 - HKLM\..\Run: [recyclerr] C:\Documents and Settings\Patricia\Application Data\recyclerr\recyclerr.exe
O4 - HKLM\..\RunServices: [Microsoft Setup Initializazion] rundll32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Pomsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Security Servics] D:\S-1-5-21-1482476501-1644491937-682003330-1016\Mars.exe
O4 - HKCU\..\Run: [InternetServics1] D:\S-1-5-21-1482476501-1644491937-682003330-1013\Mars1.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\Patricia\LOCALS~1\Temp\sWv5.exe
O4 - HKCU\..\Run: [{02AFFEFE-B56F-B5AD-9863-3969E223C63E}] "C:\Documents and Settings\Patricia\Application Data\Uwicv\uwewr.exe"
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [recyclerr] C:\Documents and Settings\Patricia\Application Data\recyclerr\recyclerr.exe
O4 - HKCU\..\Run: [HERNANDEZ] C:\WINDOWS\system32\systemcfg.exe
O4 - HKCU\..\Run: [Directory Statistics] C:\WINDOWS\system32\dirstat32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [SYSTEM] C:\WINDOWS\system32\systemcfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [Patricia] C:\WINDOWS\system32\systemcfg.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Patricia] C:\WINDOWS\system32\systemcfg.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Firewall] C:\WINDOWS\TEMP\Winlogen.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [HKCU] C:\WINDOWS\system32\drivers\csrss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [HERNANDEZ] C:\WINDOWS\system32\systemcfg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Security Protocol] C:\WINDOWS\TEMP\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Directory Statistics] C:\WINDOWS\system32\dirstat32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Startup ] C:\Documents and Settings\NetworkService\Application Data\Microsoft\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [csrss] C:\Documents and Settings\NetworkService\Local Settings\Application Data\AMD Drivers\csrss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [M5T8QL3YW3] C:\WINDOWS\TEMP\Ccx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft] %appdata%\lsass.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\drivers\csrss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Firewall] C:\WINDOWS\TEMP\Winlogen.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\drivers\csrss.exe (User 'Default user')
O4 - .DEFAULT User Startup: keest.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10848 bytes
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #1 on: June 27, 2010, 07:13:57 PM »
Download ComboFix from Only this location

[color="#0000FF"]Link 1[/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]


      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

With the log from ComboFix, can you also include a fresh log from Hijackthis
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #2 on: June 27, 2010, 08:50:48 PM »
[quote name='guestolo' date='27 June 2010 - 07:13 PM' timestamp='1277684037' post='470295']
Download ComboFix from Only this location

[color="#0000FF"]Link 1[/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]


      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

With the log from ComboFix, can you also include a fresh log from Hijackthis
[/quote]

Thanks for the quick response.  Took a long time for that ComboFix to run and create its log file but it did complete.  Below is a copy of it's log file, and a fresh log from Hijackthis.

Dale

ComboFix 10-06-27.03 - Patricia 06/27/2010  20:08:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.285 [GMT -5:00]
Running from: c:\documents and settings\Patricia\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
c:\dir\install
c:\dir\install\install\server.exe
c:\directory\CyberGate
c:\directory\CyberGate\install\foxy.exe
c:\docume~1\Patricia\LOCALS~1\Temp\lsass.exe
c:\docume~1\Patricia\LOCALS~1\Temp\sWv5.exe
c:\documents and settings\All Users\Application Data\QOG7vSLf.exe
c:\documents and settings\NetworkService\Application Data\cglogs.dat
c:\documents and settings\NetworkService\Application Data\Microsoft\svchost .exe
c:\documents and settings\NetworkService\Application Data\Microsoft\svchost.exe
c:\documents and settings\Patricia\a2g1j59c2.exe
c:\documents and settings\Patricia\a4i8j61e4.exe
c:\documents and settings\Patricia\a6w5x45j1.exe
c:\documents and settings\Patricia\a7b1i17k3.exe
c:\documents and settings\Patricia\a7e8t86j8.exe
c:\documents and settings\Patricia\a7u5n62x1.exe
c:\documents and settings\Patricia\aa1a.exe
c:\documents and settings\Patricia\aa4a.exe
c:\documents and settings\Patricia\aaa.exe
c:\documents and settings\Patricia\Application Data\baditsr.exe
c:\documents and settings\Patricia\Application Data\bxkfvgd.exe
c:\documents and settings\Patricia\Application Data\cglogs.dat
c:\documents and settings\Patricia\Application Data\chrtmp
c:\documents and settings\Patricia\Application Data\djwvxjk.exe
c:\documents and settings\Patricia\Application Data\dlll.exe
c:\documents and settings\Patricia\Application Data\fgpgoda.exe
c:\documents and settings\Patricia\Application Data\hemztds.exe
c:\documents and settings\Patricia\Application Data\hzzohtc.exe
c:\documents and settings\Patricia\Application Data\isrtncv.exe
c:\documents and settings\Patricia\Application Data\jhdhikp.exe
c:\documents and settings\Patricia\Application Data\jpzkciv.exe
c:\documents and settings\Patricia\Application Data\jrgtgug.exe
c:\documents and settings\Patricia\Application Data\jrqvyvy.exe
c:\documents and settings\Patricia\Application Data\kppdrjs.exe
c:\documents and settings\Patricia\Application Data\kvupyyz.exe
c:\documents and settings\Patricia\Application Data\logs.dat
c:\documents and settings\Patricia\Application Data\Microsoft\Run.exe
c:\documents and settings\Patricia\Application Data\Microsoft\svchost .exe
c:\documents and settings\Patricia\Application Data\Microsoft\svchost.exe
c:\documents and settings\Patricia\Application Data\Microsoft\system.exe
c:\documents and settings\Patricia\Application Data\Microsoft\winlog.exe
c:\documents and settings\Patricia\Application Data\njmbrhq.exe
c:\documents and settings\Patricia\Application Data\ogylily.exe
c:\documents and settings\Patricia\Application Data\putkohq.exe
c:\documents and settings\Patricia\Application Data\qdgyhsu.exe
c:\documents and settings\Patricia\Application Data\recyclerr\recyclerr.exe
c:\documents and settings\Patricia\Application Data\rnmoixq.exe
c:\documents and settings\Patricia\Application Data\sepzrha.exe
c:\documents and settings\Patricia\Application Data\stub.exe
c:\documents and settings\Patricia\Application Data\Uwicv
c:\documents and settings\Patricia\Application Data\Uwicv\uwewr.exe
c:\documents and settings\Patricia\Application Data\wigrnzs.exe
c:\documents and settings\Patricia\Application Data\xivxyfm.exe
c:\documents and settings\Patricia\Application Data\zaicjoz.exe
c:\documents and settings\Patricia\b1i5g86m4.exe
c:\documents and settings\Patricia\b2l1w32p7.exe
c:\documents and settings\Patricia\b3j9a11f8.exe
c:\documents and settings\Patricia\b4r6x77r9.exe
c:\documents and settings\Patricia\b6m3u49i8.exe
c:\documents and settings\Patricia\b8e1f49o9.exe
c:\documents and settings\Patricia\c2v4q66a8.exe
c:\documents and settings\Patricia\c3g2d89g5.exe
c:\documents and settings\Patricia\c3i5w61t2.exe
c:\documents and settings\Patricia\c7j9g86g6.exe
c:\documents and settings\Patricia\d1t1n89r2.exe
c:\documents and settings\Patricia\d2k1m89f2.exe
c:\documents and settings\Patricia\d4c5j72v2.exe
c:\documents and settings\Patricia\d5n4i14d4.exe
c:\documents and settings\Patricia\d5s5f82t6.exe
c:\documents and settings\Patricia\d6d6x29j8.exe
c:\documents and settings\Patricia\d6j4i98g9.exe
c:\documents and settings\Patricia\d8v7i78t6.exe
c:\documents and settings\Patricia\d9c6e59a9.exe
c:\documents and settings\Patricia\ddaqaea1.exe
c:\documents and settings\Patricia\ddaqaea2.exe
c:\documents and settings\Patricia\ddaqaea4.exe
c:\documents and settings\Patricia\ddaqaeb2.exe
c:\documents and settings\Patricia\ddaqaeb4.exe
c:\documents and settings\Patricia\ddaqaeb5.exe
c:\documents and settings\Patricia\ddaqaeb6.exe
c:\documents and settings\Patricia\ddaqaec4.exe
c:\documents and settings\Patricia\ddaqaec6.exe
c:\documents and settings\Patricia\ddaqaec7.exe
c:\documents and settings\Patricia\ddaqaec8.exe
c:\documents and settings\Patricia\ddaqaec9.exe
c:\documents and settings\Patricia\ddaqaed1.exe
c:\documents and settings\Patricia\ddaqaed2.exe
c:\documents and settings\Patricia\ddaqaed3.exe
c:\documents and settings\Patricia\ddaqaed4.exe
c:\documents and settings\Patricia\ddaqaed5.exe
c:\documents and settings\Patricia\ddaqaed7.exe
c:\documents and settings\Patricia\ddaqaed9.exe
c:\documents and settings\Patricia\ddaqaee2.exe
c:\documents and settings\Patricia\ddaqaee5.exe
c:\documents and settings\Patricia\ddaqaee7.exe
c:\documents and settings\Patricia\ddaqaee9.exe
c:\documents and settings\Patricia\ddaqaef1.exe
c:\documents and settings\Patricia\ddaqaef2.exe
c:\documents and settings\Patricia\ddaqaef3.exe
c:\documents and settings\Patricia\ddaqaef4.exe
c:\documents and settings\Patricia\ddaqaef7.exe
c:\documents and settings\Patricia\ddaqaef8.exe
c:\documents and settings\Patricia\ddaqaeg1.exe
c:\documents and settings\Patricia\ddaqaeg2.exe
c:\documents and settings\Patricia\ddaqaeg3.exe
c:\documents and settings\Patricia\ddaqaeg4.exe
c:\documents and settings\Patricia\ddaqaeg5.exe
c:\documents and settings\Patricia\ddaqaeg7.exe
c:\documents and settings\Patricia\ddaqaeg9.exe
c:\documents and settings\Patricia\ddaqaeh1.exe
c:\documents and settings\Patricia\ddaqaeh3.exe
c:\documents and settings\Patricia\ddaqaeh4.exe
c:\documents and settings\Patricia\ddaqaeh7.exe
c:\documents and settings\Patricia\ddaqaei2.exe
c:\documents and settings\Patricia\ddaqaei3.exe
c:\documents and settings\Patricia\ddaqaei6.exe
c:\documents and settings\Patricia\ddaqaei9.exe
c:\documents and settings\Patricia\ddaqaej1.exe
c:\documents and settings\Patricia\ddaqaej3.exe
c:\documents and settings\Patricia\ddaqaej7.exe
c:\documents and settings\Patricia\ddaqaej8.exe
c:\documents and settings\Patricia\ddaqaej9.exe
c:\documents and settings\Patricia\ddaqaek3.exe
c:\documents and settings\Patricia\ddaqaek5.exe
c:\documents and settings\Patricia\ddaqaek6.exe
c:\documents and settings\Patricia\ddaqaek7.exe
c:\documents and settings\Patricia\ddaqaek9.exe
c:\documents and settings\Patricia\ddaqael2.exe
c:\documents and settings\Patricia\ddaqael6.exe
c:\documents and settings\Patricia\ddaqael7.exe
c:\documents and settings\Patricia\ddaqael8.exe
c:\documents and settings\Patricia\ddaqael9.exe
c:\documents and settings\Patricia\ddaqaem2.exe
c:\documents and settings\Patricia\ddaqaem4.exe
c:\documents and settings\Patricia\ddaqaem5.exe
c:\documents and settings\Patricia\ddaqaem8.exe
c:\documents and settings\Patricia\ddaqaem9.exe
c:\documents and settings\Patricia\ddaqaen2.exe
c:\documents and settings\Patricia\ddaqaen4.exe
c:\documents and settings\Patricia\ddaqaen7.exe
c:\documents and settings\Patricia\ddaqaen8.exe
c:\documents and settings\Patricia\ddaqaen9.exe
c:\documents and settings\Patricia\ddaqaeo1.exe
c:\documents and settings\Patricia\ddaqaeo2.exe
c:\documents and settings\Patricia\ddaqaeo3.exe
c:\documents and settings\Patricia\ddaqaeo4.exe
c:\documents and settings\Patricia\ddaqaeo5.exe
c:\documents and settings\Patricia\ddaqaeo8.exe
c:\documents and settings\Patricia\ddaqaeo9.exe
c:\documents and settings\Patricia\ddaqaep2.exe
c:\documents and settings\Patricia\ddaqaep3.exe
c:\documents and settings\Patricia\ddaqaep5.exe
c:\documents and settings\Patricia\ddaqaep7.exe
c:\documents and settings\Patricia\ddaqaep8.exe
c:\documents and settings\Patricia\ddaqaeq2.exe
c:\documents and settings\Patricia\ddaqaeq3.exe
c:\documents and settings\Patricia\ddaqaeq5.exe
c:\documents and settings\Patricia\ddaqaeq6.exe
c:\documents and settings\Patricia\ddaqaeq7.exe
c:\documents and settings\Patricia\ddaqaer3.exe
c:\documents and settings\Patricia\ddaqaer4.exe
c:\documents and settings\Patricia\ddaqaer7.exe
c:\documents and settings\Patricia\ddaqaer9.exe
c:\documents and settings\Patricia\ddaqaes4.exe
c:\documents and settings\Patricia\ddaqaes5.exe
c:\documents and settings\Patricia\ddaqaes6.exe
c:\documents and settings\Patricia\ddaqaes8.exe
c:\documents and settings\Patricia\ddaqaet1.exe
c:\documents and settings\Patricia\ddaqaet2.exe
c:\documents and settings\Patricia\ddaqaet4.exe
c:\documents and settings\Patricia\ddaqaet5.exe
c:\documents and settings\Patricia\ddaqaet7.exe
c:\documents and settings\Patricia\ddaqaet8.exe
c:\documents and settings\Patricia\ddaqaet9.exe
c:\documents and settings\Patricia\ddaqaeu2.exe
c:\documents and settings\Patricia\ddaqaeu3.exe
c:\documents and settings\Patricia\ddaqaeu5.exe
c:\documents and settings\Patricia\ddaqaeu6.exe
c:\documents and settings\Patricia\ddaqaeu7.exe
c:\documents and settings\Patricia\ddaqaeu8.exe
c:\documents and settings\Patricia\ddaqaeu9.exe
c:\documents and settings\Patricia\ddaqaev3.exe
c:\documents and settings\Patricia\ddaqaev4.exe
c:\documents and settings\Patricia\ddaqaev5.exe
c:\documents and settings\Patricia\ddaqaev8.exe
c:\documents and settings\Patricia\ddaqaew1.exe
c:\documents and settings\Patricia\ddaqaew3.exe
c:\documents and settings\Patricia\ddaqaew4.exe
c:\documents and settings\Patricia\ddaqaew7.exe
c:\documents and settings\Patricia\ddaqaex2.exe
c:\documents and settings\Patricia\ddaqaex4.exe
c:\documents and settings\Patricia\ddaqaex5.exe
c:\documents and settings\Patricia\ddaqaex6.exe
c:\documents and settings\Patricia\ddaqaex8.exe
c:\documents and settings\Patricia\ddaqaex9.exe
c:\documents and settings\Patricia\ddaqaey1.exe
c:\documents and settings\Patricia\ddaqaey7.exe
c:\documents and settings\Patricia\ddaqaey8.exe
c:\documents and settings\Patricia\ddaqaey9.exe
c:\documents and settings\Patricia\ddaqaez4.exe
c:\documents and settings\Patricia\ddaqaez5.exe
c:\documents and settings\Patricia\ddaqaez8.exe
c:\documents and settings\Patricia\dddaqaef7.exe
c:\documents and settings\Patricia\djdjdjdddd.exe
c:\documents and settings\Patricia\drdtraan9.exe
c:\documents and settings\Patricia\dxdddd.exe
c:\documents and settings\Patricia\dxdddxd.exe
c:\documents and settings\Patricia\e2h7f57g3.exe
c:\documents and settings\Patricia\e2j6z44a1.exe
c:\documents and settings\Patricia\e3x6u77e6.exe
c:\documents and settings\Patricia\e4i5d78o8.exe
c:\documents and settings\Patricia\e5i9h64k6.exe
c:\documents and settings\Patricia\e7c2p69t9.exe
c:\documents and settings\Patricia\e7i1e97o4.exe
c:\documents and settings\Patricia\eadjadea3.exe
c:\documents and settings\Patricia\eadjadea6.exe
c:\documents and settings\Patricia\eadjadea9.exe
c:\documents and settings\Patricia\eadjadec5.exe
c:\documents and settings\Patricia\eadjadec6.exe
c:\documents and settings\Patricia\eadjadec8.exe
c:\documents and settings\Patricia\eadjaded5.exe
c:\documents and settings\Patricia\eadjaded7.exe
c:\documents and settings\Patricia\eadjadee3.exe
c:\documents and settings\Patricia\eadjadee4.exe
c:\documents and settings\Patricia\eadjadef2.exe
c:\documents and settings\Patricia\eadjadef4.exe
c:\documents and settings\Patricia\eadjadef6.exe
c:\documents and settings\Patricia\eadjadef8.exe
c:\documents and settings\Patricia\eadjadeg4.exe
c:\documents and settings\Patricia\eadjadeg7.exe
c:\documents and settings\Patricia\eadjadeg8.exe
c:\documents and settings\Patricia\eadjadeg9.exe
c:\documents and settings\Patricia\eadjadeh4.exe
c:\documents and settings\Patricia\eadjadeh6.exe
c:\documents and settings\Patricia\eadjadeh8.exe
c:\documents and settings\Patricia\eadjadei3.exe
c:\documents and settings\Patricia\eadjadei5.exe
c:\documents and settings\Patricia\eadjadej3.exe
c:\documents and settings\Patricia\eadjadej7.exe
c:\documents and settings\Patricia\eadjadej8.exe
c:\documents and settings\Patricia\eadjadek3.exe
c:\documents and settings\Patricia\eadjadek5.exe
c:\documents and settings\Patricia\eadjadek6.exe
c:\documents and settings\Patricia\eadjadel1.exe
c:\documents and settings\Patricia\eadjadel2.exe
c:\documents and settings\Patricia\eadjadel4.exe
c:\documents and settings\Patricia\eadjadel6.exe
c:\documents and settings\Patricia\eadjadem2.exe
c:\documents and settings\Patricia\eadjadem3.exe
c:\documents and settings\Patricia\eadjadem5.exe
c:\documents and settings\Patricia\eadjaden4.exe
c:\documents and settings\Patricia\eadjaden6.exe
c:\documents and settings\Patricia\eadjaden7.exe
c:\documents and settings\Patricia\eadjadeo4.exe
c:\documents and settings\Patricia\eadjadeo6.exe
c:\documents and settings\Patricia\eadjadeo9.exe
c:\documents and settings\Patricia\eadjadep6.exe
c:\documents and settings\Patricia\eadjadeq2.exe
c:\documents and settings\Patricia\eadjadeq6.exe
c:\documents and settings\Patricia\eadjadeq8.exe
c:\documents and settings\Patricia\eadjader3.exe
c:\documents and settings\Patricia\eadjades8.exe
c:\documents and settings\Patricia\eadjades9.exe
c:\documents and settings\Patricia\eadjadet8.exe
c:\documents and settings\Patricia\eadjadet9.exe
c:\documents and settings\Patricia\eadjadeu1.exe
c:\documents and settings\Patricia\eadjadeu4.exe
c:\documents and settings\Patricia\eadjadeu5.exe
c:\documents and settings\Patricia\eadjadev4.exe
c:\documents and settings\Patricia\eadjadev5.exe
c:\documents and settings\Patricia\eadjadev8.exe
c:\documents and settings\Patricia\eadjadev9.exe
c:\documents and settings\Patricia\eadjadew9.exe
c:\documents and settings\Patricia\eadjadex2.exe
c:\documents and settings\Patricia\eadjadex4.exe
c:\documents and settings\Patricia\eadjadex7.exe
c:\documents and settings\Patricia\eadjadex8.exe
c:\documents and settings\Patricia\eadjadex9.exe
c:\documents and settings\Patricia\eadjadey1.exe
c:\documents and settings\Patricia\eadjadez2.exe
c:\documents and settings\Patricia\eadjadez3.exe
c:\documents and settings\Patricia\eadjadez4.exe
c:\documents and settings\Patricia\eadjadez8.exe
c:\documents and settings\Patricia\efxdzjd1.exe
c:\documents and settings\Patricia\efxdzjh9.exe
c:\documents and settings\Patricia\efxdzjm7.exe
c:\documents and settings\Patricia\efxdzjo1.exe
c:\documents and settings\Patricia\efxdzjp5.exe
c:\documents and settings\Patricia\efxdzjs2.exe
c:\documents and settings\Patricia\efxdzjv2.exe
c:\documents and settings\Patricia\efxdzjx1.exe
c:\documents and settings\Patricia\efxdzjy7.exe
c:\documents and settings\Patricia\f3v6o91r9.exe
c:\documents and settings\Patricia\f4x4v92q8.exe
c:\documents and settings\Patricia\f5a9f41p5.exe
c:\documents and settings\Patricia\f5n5b86g3.exe
c:\documents and settings\Patricia\f7r9h12n5.exe
c:\documents and settings\Patricia\f8o6l96f7.exe
c:\documents and settings\Patricia\f9g4i83o9.exe
c:\documents and settings\Patricia\g1c3t44j3.exe
c:\documents and settings\Patricia\g1i37w1.exe
c:\documents and settings\Patricia\g1o3j69j5.exe
c:\documents and settings\Patricia\g1o8c44k2.exe
c:\documents and settings\Patricia\g2p7i63q4.exe
c:\documents and settings\Patricia\g2s4u65p1.exe
c:\documents and settings\Patricia\g4h3w98k6.exe
c:\documents and settings\Patricia\g5s3z94f7.exe
c:\documents and settings\Patricia\GoToAssistDownloadHelper.exe
c:\documents and settings\Patricia\h1k6r61k3.exe
c:\documents and settings\Patricia\h4b4i65p7.exe
c:\documents and settings\Patricia\h4j5t96z4.exe
c:\documents and settings\Patricia\h4n7s28k3.exe
c:\documents and settings\Patricia\h6d7n14q5.exe
c:\documents and settings\Patricia\h7z9c39i7.exe
c:\documents and settings\Patricia\h9u7d21j4.exe
c:\documents and settings\Patricia\h9w1r64l7.exe
c:\documents and settings\Patricia\i4b9k72o7.exe
c:\documents and settings\Patricia\i7j4f74o8.exe
c:\documents and settings\Patricia\i7u6n82p7.exe
c:\documents and settings\Patricia\i7u8j78e4.exe
c:\documents and settings\Patricia\i8y4s15z7.exe
c:\documents and settings\Patricia\i9m4g38u6.exe
c:\documents and settings\Patricia\j3c4s29j4.exe
c:\documents and settings\Patricia\j3s7e61m6.exe
c:\documents and settings\Patricia\j5f1w76e7.exe
c:\documents and settings\Patricia\j5f5q55a3.exe
c:\documents and settings\Patricia\j5l9g35a3.exe
c:\documents and settings\Patricia\j5t4s31p2.exe
c:\documents and settings\Patricia\jadadek2.exe
c:\documents and settings\Patricia\jadadem9.exe
c:\documents and settings\Patricia\jadadeq8.exe
c:\documents and settings\Patricia\jadadey3.exe
c:\documents and settings\Patricia\k1t8a34e3.exe
c:\documents and settings\Patricia\k2u7u35a6.exe
c:\documents and settings\Patricia\k2x7x83e4.exe
c:\documents and settings\Patricia\k3h2u74o1.exe
c:\documents and settings\Patricia\k4c7f44k4.exe
c:\documents and settings\Patricia\k4w4x53v9.exe
c:\documents and settings\Patricia\k5m2t82v6.exe
c:\documents and settings\Patricia\k5v2z75v7.exe
c:\documents and settings\Patricia\k6p7a15m3.exe
c:\documents and settings\Patricia\k6r6i21d4.exe
c:\documents and settings\Patricia\k7a9y69u1.exe
c:\documents and settings\Patricia\k8z9s99q9.exe
c:\documents and settings\Patricia\l3b3x17p4.exe
c:\documents and settings\Patricia\l3n4p58n6.exe
c:\documents and settings\Patricia\l5a4a97i3.exe
c:\documents and settings\Patricia\l5f1e45m4.exe
c:\documents and settings\Patricia\l5m1b71a4.exe
c:\documents and settings\Patricia\l6y4r21a9.exe
c:\documents and settings\Patricia\l7q2p97q4.exe
c:\documents and settings\Patricia\l8e2y47s5.exe
c:\documents and settings\Patricia\l8k4j12r6.exe
c:\documents and settings\Patricia\l8l6e33w9.exe
c:\documents and settings\Patricia\l8r5k23u8.exe
c:\documents and settings\Patricia\m1b1e22v1.exe
c:\documents and settings\Patricia\m1b6t14m2.exe
c:\documents and settings\Patricia\m1d4r21d6.exe
c:\documents and settings\Patricia\m5d9l25l7.exe
c:\documents and settings\Patricia\m5h7f86l6.exe
c:\documents and settings\Patricia\m6o5u66c3.exe
c:\documents and settings\Patricia\m7n8l26n8.exe
c:\documents and settings\Patricia\m8g9l17f4.exe
c:\documents and settings\Patricia\m8j2q78d7.exe
c:\documents and settings\Patricia\m9b2q42r5.exe
c:\documents and settings\Patricia\n1i7k53r2.exe
c:\documents and settings\Patricia\n2g1y78x5.exe
c:\documents and settings\Patricia\n2y2z11d1.exe
c:\documents and settings\Patricia\n3d3m16d4.exe
c:\documents and settings\Patricia\n3h7x18d1.exe
c:\documents and settings\Patricia\n3x8k98v3.exe
c:\documents and settings\Patricia\n4n2f59o7.exe
c:\documents and settings\Patricia\n5j6u66c1.exe
c:\documents and settings\Patricia\n5j9m66l9.exe
c:\documents and settings\Patricia\n6c8i37s6.exe
c:\documents and settings\Patricia\n8i5c37i8.exe
c:\documents and settings\Patricia\n8m7z84i1.exe
c:\documents and settings\Patricia\n9l7m15l7.exe
c:\documents and settings\Patricia\n9r8o27j5.exe
c:\documents and settings\Patricia\o1q6d32f2.exe
c:\documents and settings\Patricia\o1v8a27y3.exe
c:\documents and settings\Patricia\o4h8g81i3.exe
c:\documents and settings\Patricia\o5g7b73e8.exe
c:\documents and settings\Patricia\o6a6y73b5.exe
c:\documents and settings\Patricia\o6m9q39h1.exe
c:\documents and settings\Patricia\o7n7v24h5.exe
c:\documents and settings\Patricia\o9r4l43o2.exe
c:\documents and settings\Patricia\p1j4u16k9.exe
c:\documents and settings\Patricia\p2l5j51u3.exe
c:\documents and settings\Patricia\p2o2f75r6.exe
c:\documents and settings\Patricia\p2v5a26i6.exe
c:\documents and settings\Patricia\p5a3w68c5.exe
c:\documents and settings\Patricia\p8z8f69q5.exe
c:\documents and settings\Patricia\q5k3i83j6.exe
c:\documents and settings\Patricia\q7v2y39i5.exe
c:\documents and settings\Patricia\r3d9x57b5.exe
c:\documents and settings\Patricia\r4p7h92t7.exe
c:\documents and settings\Patricia\r4w1g45o6.exe
c:\documents and settings\Patricia\rdt2asn9.exe
c:\documents and settings\Patricia\rt2asn9.exe
c:\documents and settings\Patricia\rt2kdkk.exe
c:\documents and settings\Patricia\rt2kkk.exe
c:\documents and settings\Patricia\rtradsfp5.exe
c:\documents and settings\Patricia\s8k6i52c6.exe
c:\documents and settings\Patricia\s8p6c48v3.exe
c:\documents and settings\Patricia\s9v8e47n5.exe
c:\documents and settings\Patricia\srtrdas.exe
c:\documents and settings\Patricia\t6q2n84y4.exe
c:\documents and settings\Patricia\t7l6u38k3.exe
c:\documents and settings\Patricia\t9g3r43z8.exe
c:\documents and settings\Patricia\u3d3d59j6.exe
c:\documents and settings\Patricia\v3j3o34h3.exe
c:\documents and settings\Patricia\v4n7a25g7.exe
c:\documents and settings\Patricia\v5t9v69u1.exe
c:\documents and settings\Patricia\w4h5n21o1.exe
c:\documents and settings\Patricia\w5p9q75p1.exe
c:\documents and settings\Patricia\w6y2e23d7.exe
c:\documents and settings\Patricia\w8d7c28x4.exe
c:\documents and settings\Patricia\w9g2r55n5.exe
c:\documents and settings\Patricia\x5e3t33o9.exe
c:\documents and settings\Patricia\x8n6s1o5.exe
c:\documents and settings\Patricia\y2h7j53f6.exe
c:\documents and settings\Patricia\y4t7r26q6.exe
c:\documents and settings\Patricia\y9d6f98e7.exe
c:\documents and settings\Patricia\z4c3g28s2.exe
c:\documents and settings\Patricia\z4n3u98w6.exe
c:\documents and settings\Patricia\z4n5p69a5.exe
c:\dream\PIANO\xor.exe
C:\EQUITY
c:\equity\Q-5-6-99-222222CCCC-333333333333-7777777777-111\Desktop.ini
c:\equity\Q-5-6-99-222222CCCC-333333333333-7777777777-111\Fix.exe
C:\JAMA
c:\jama\CRAFT\DeSKtOp.InI
c:\jama\CRAFT\pop.exe
C:\NORTON
c:\norton\U-34543ANTI-9998887776-23234532-565\DeSkToP.ini
c:\norton\U-34543ANTI-9998887776-23234532-565\nav.exe
C:\OOP
c:\oop\PPP\Desktop.ini
c:\oop\PPP\may1x2.exe
C:\phqgh.exe
c:\program files\fcadvice
c:\program files\fcadvice\patterns.dat
c:\program files\fcadvice\Uninstall.exe
c:\program files\sks~1
c:\program files\video activex object
c:\program files\Video Add-on
c:\program files\zango
C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\SIN
c:\sin\S-2-3-12-ABCDEF7890-01234567890-1688963592-500\Desktop.ini
C:\Soft
c:\soft\G-414141ERER-1233211231-12313242131-555\DeSkToP.ini
c:\soft\G-414141ERER-1233211231-12313242131-555\FEB.exe
c:\windows\patch.exe
c:\windows\smss.exe
c:\windows\smss.exe.tmp
c:\windows\svchost.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\cloudsim.exe
c:\windows\system32\devon.exe
c:\windows\system32\dirstat32.exe
c:\windows\system32\drivers\csrss.exe
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\DROPPEDFILEOK1.tmp
c:\windows\system32\ernel32.dll
c:\windows\system32\kazaabackupfiles
c:\windows\system32\kazaabackupfiles\administrator.exe
c:\windows\system32\kazaabackupfiles\angelina.exe
c:\windows\system32\kazaabackupfiles\AquaNox2 Crack.exe
c:\windows\system32\kazaabackupfiles\AVP_Crack.exe
c:\windows\system32\kazaabackupfiles\Battlefield1942_bloodpatch.exe
c:\windows\system32\kazaabackupfiles\britney_spears.exe
c:\windows\system32\kazaabackupfiles\C&C Generals_crack.exe
c:\windows\system32\kazaabackupfiles\celeb.exe
c:\windows\system32\kazaabackupfiles\cracker_jack.exe
c:\windows\system32\kazaabackupfiles\cracking_tools.exe
c:\windows\system32\kazaabackupfiles\FIFA2003 crack.exe
c:\windows\system32\kazaabackupfiles\free_root.exe
c:\windows\system32\kazaabackupfiles\free_shell.exe
c:\windows\system32\kazaabackupfiles\get_admin.exe
c:\windows\system32\kazaabackupfiles\hacking.exe
c:\windows\system32\kazaabackupfiles\Email Removed_hack.exe
c:\windows\system32\kazaabackupfiles\kazza_hack.exe
c:\windows\system32\kazaabackupfiles\McAfee.exe
c:\windows\system32\kazaabackupfiles\msn.exe
c:\windows\system32\kazaabackupfiles\NBA2003_crack.exe
c:\windows\system32\kazaabackupfiles\norton.exe
c:\windows\system32\kazaabackupfiles\password_stealer.exe
c:\windows\system32\kazaabackupfiles\phreaking.exe
c:\windows\system32\kazaabackupfiles\phreaking_tools.exe
c:\windows\system32\kazaabackupfiles\Porn.exe
c:\windows\system32\kazaabackupfiles\remoter.exe
c:\windows\system32\kazaabackupfiles\root.exe
c:\windows\system32\kazaabackupfiles\serial.exe
c:\windows\system32\kazaabackupfiles\sms.exe
c:\windows\system32\kazaabackupfiles\soldier_of_fortune_crack.exe
c:\windows\system32\kazaabackupfiles\Sygate_all_crack.exe
c:\windows\system32\kazaabackupfiles\sygate_firawall_crack.exe
c:\windows\system32\kazaabackupfiles\tiny_personal_firewall_crack.exe
c:\windows\system32\kazaabackupfiles\Unreal2_bloodpatch.exe
c:\windows\system32\kazaabackupfiles\UT2003_bloodpatch.exe
c:\windows\system32\kazaabackupfiles\xxx.exe
c:\windows\system32\kazaabackupfiles\zoneallarm_pro_crack.exe
c:\windows\system32\log.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\spool\prtprocs\w32x86\7931c93.dll
c:\windows\system32\spool\prtprocs\w32x86\SKU7mY1c9.dll
c:\windows\system32\sstem~1
c:\windows\system32\systemcfg.exe
c:\windows\system32\winsvncs.txt
c:\windows\system32\wnsapicc.exe
c:\windows\system32\zxdnt3d.cfg
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\At10.job
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\xpsp1hfm.log

----- File Replicators -----

c:\documents and settings\All Users\Start Menu\Programs\f8o6l96f7.exe
c:\documents and settings\Patricia\a6w5x45j1.exe
c:\documents and settings\Patricia\a7b1i17k3.exe
c:\documents and settings\Patricia\a7u5n62x1.exe
c:\documents and settings\Patricia\b2l1w32p7.exe
c:\documents and settings\Patricia\b3j9a11f8.exe
c:\documents and settings\Patricia\b4r6x77r9.exe
c:\documents and settings\Patricia\b6m3u49i8.exe
c:\documents and settings\Patricia\b8e1f49o9.exe
c:\documents and settings\Patricia\c2v4q66a8.exe
c:\documents and settings\Patricia\d1t1n89r2.exe
c:\documents and settings\Patricia\d4c5j72v2.exe
c:\documents and settings\Patricia\d5n4i14d4.exe
c:\documents and settings\Patricia\d5s5f82t6.exe
c:\documents and settings\Patricia\d6d6x29j8.exe
c:\documents and settings\Patricia\d6j4i98g9.exe
c:\documents and settings\Patricia\ddaqaea2.exe
c:\documents and settings\Patricia\ddaqaeb4.exe
c:\documents and settings\Patricia\ddaqaeb6.exe
c:\documents and settings\Patricia\ddaqaec6.exe
c:\documents and settings\Patricia\ddaqaec9.exe
c:\documents and settings\Patricia\ddaqaed4.exe
c:\documents and settings\Patricia\ddaqaed9.exe
c:\documents and settings\Patricia\ddaqaee2.exe
c:\documents and settings\Patricia\ddaqaee5.exe
c:\documents and settings\Patricia\ddaqaee9.exe
c:\documents and settings\Patricia\ddaqaef4.exe
c:\documents and settings\Patricia\ddaqaef8.exe
c:\documents and settings\Patricia\ddaqaeh3.exe
c:\documents and settings\Patricia\ddaqaeh4.exe
c:\documents and settings\Patricia\ddaqaeh7.exe
c:\documents and settings\Patricia\ddaqaei2.exe
c:\documents and settings\Patricia\ddaqaei3.exe
c:\documents and settings\Patricia\ddaqaek6.exe
c:\documents and settings\Patricia\ddaqael2.exe
c:\documents and settings\Patricia\ddaqael7.exe
c:\documents and settings\Patricia\ddaqaem2.exe
c:\documents and settings\Patricia\ddaqaem4.exe
c:\documents and settings\Patricia\ddaqaem8.exe
c:\documents and settings\Patricia\ddaqaen7.exe
c:\documents and settings\Patricia\ddaqaen8.exe
c:\documents and settings\Patricia\ddaqaeo8.exe
c:\documents and settings\Patricia\ddaqaep2.exe
c:\documents and settings\Patricia\ddaqaeq3.exe
c:\documents and settings\Patricia\ddaqaeq5.exe
c:\documents and settings\Patricia\ddaqaes5.exe
c:\documents and settings\Patricia\ddaqaet1.exe
c:\documents and settings\Patricia\ddaqaet2.exe
c:\documents and settings\Patricia\ddaqaet8.exe
c:\documents and settings\Patricia\ddaqaet9.exe
c:\documents and settings\Patricia\ddaqaeu3.exe
c:\documents and settings\Patricia\ddaqaeu8.exe
c:\documents and settings\Patricia\ddaqaex5.exe
c:\documents and settings\Patricia\ddaqaex9.exe
c:\documents and settings\Patricia\ddaqaez5.exe
c:\documents and settings\Patricia\ddaqaez8.exe
c:\documents and settings\Patricia\drdtraan9.exe
c:\documents and settings\Patricia\e2h7f57g3.exe
c:\documents and settings\Patricia\e3x6u77e6.exe
c:\documents and settings\Patricia\e5i9h64k6.exe
c:\documents and settings\Patricia\e7c2p69t9.exe
c:\documents and settings\Patricia\e7i1e97o4.exe
c:\documents and settings\Patricia\eadjadea3.exe
c:\documents and settings\Patricia\eadjadea6.exe
c:\documents and settings\Patricia\eadjadec5.exe
c:\documents and settings\Patricia\eadjadec6.exe
c:\documents and settings\Patricia\eadjaded5.exe
c:\documents and settings\Patricia\eadjadee3.exe
c:\documents and settings\Patricia\eadjadef2.exe
c:\documents and settings\Patricia\eadjadef6.exe
c:\documents and settings\Patricia\eadjadef8.exe
c:\documents and settings\Patricia\eadjadeg4.exe
c:\documents and settings\Patricia\eadjadeg8.exe
c:\documents and settings\Patricia\eadjadeg9.exe
c:\documents and settings\Patricia\eadjadeh4.exe
c:\documents and settings\Patricia\eadjadeh6.exe
c:\documents and settings\Patricia\eadjadeh8.exe
c:\documents and settings\Patricia\eadjadei3.exe
c:\documents and settings\Patricia\eadjadej3.exe
c:\documents and settings\Patricia\eadjadej7.exe
c:\documents and settings\Patricia\eadjadej8.exe
c:\documents and settings\Patricia\eadjadek3.exe
c:\documents and settings\Patricia\eadjadek5.exe
c:\documents and settings\Patricia\eadjadek6.exe
c:\documents and settings\Patricia\eadjadel1.exe
c:\documents and settings\Patricia\eadjadel2.exe
c:\documents and settings\Patricia\eadjadel4.exe
c:\documents and settings\Patricia\eadjadel6.exe
c:\documents and settings\Patricia\eadjadem2.exe
c:\documents and settings\Patricia\eadjadem3.exe
c:\documents and settings\Patricia\eadjadem5.exe
c:\documents and settings\Patricia\eadjaden6.exe
c:\documents and settings\Patricia\eadjaden7.exe
c:\documents and settings\Patricia\eadjadeo4.exe
c:\documents and settings\Patricia\eadjadeo6.exe
c:\documents and settings\Patricia\eadjadeo9.exe
c:\documents and settings\Patricia\eadjadep6.exe
c:\documents and settings\Patricia\eadjadeq2.exe
c:\documents and settings\Patricia\eadjadeq6.exe
c:\documents and settings\Patricia\eadjadeq8.exe
c:\documents and settings\Patricia\eadjades8.exe
c:\documents and settings\Patricia\eadjades9.exe
c:\documents and settings\Patricia\eadjadet8.exe
c:\documents and settings\Patricia\eadjadeu1.exe
c:\documents and settings\Patricia\eadjadeu5.exe
c:\documents and settings\Patricia\eadjadev4.exe
c:\documents and settings\Patricia\eadjadev5.exe
c:\documents and settings\Patricia\eadjadev8.exe
c:\documents and settings\Patricia\eadjadev9.exe
c:\documents and settings\Patricia\eadjadew9.exe
c:\documents and settings\Patricia\eadjadex2.exe
c:\documents and settings\Patricia\eadjadex4.exe
c:\documents and settings\Patricia\eadjadex7.exe
c:\documents and settings\Patricia\eadjadex8.exe
c:\documents and settings\Patricia\eadjadex9.exe
c:\documents and settings\Patricia\eadjadey1.exe
c:\documents and settings\Patricia\eadjadez2.exe
c:\documents and settings\Patricia\eadjadez3.exe
c:\documents and settings\Patricia\eadjadez8.exe
c:\documents and settings\Patricia\f3v6o91r9.exe
c:\documents and settings\Patricia\f4x4v92q8.exe
c:\documents and settings\Patricia\f5a9f41p5.exe
c:\documents and settings\Patricia\f7r9h12n5.exe
c:\documents and settings\Patricia\f8o6l96f7.exe
c:\documents and settings\Patricia\g1c3t44j3.exe
c:\documents and settings\Patricia\g1o3j69j5.exe
c:\documents and settings\Patricia\g2p7i63q4.exe
c:\documents and settings\Patricia\g4h3w98k6.exe
c:\documents and settings\Patricia\h4b4i65p7.exe
c:\documents and settings\Patricia\h4j5t96z4.exe
c:\documents and settings\Patricia\h9w1r64l7.exe
c:\documents and settings\Patricia\i4b9k72o7.exe
c:\documents and settings\Patricia\i7u6n82p7.exe
c:\documents and settings\Patricia\i7u8j78e4.exe
c:\documents and settings\Patricia\j3c4s29j4.exe
c:\documents and settings\Patricia\j3s7e61m6.exe
c:\documents and settings\Patricia\j5f1w76e7.exe
c:\documents and settings\Patricia\j5t4s31p2.exe
c:\documents and settings\Patricia\k1t8a34e3.exe
c:\documents and settings\Patricia\k2x7x83e4.exe
c:\documents and settings\Patricia\k4c7f44k4.exe
c:\documents and settings\Patricia\k5v2z75v7.exe
c:\documents and settings\Patricia\k6p7a15m3.exe
c:\documents and settings\Patricia\k6r6i21d4.exe
c:\documents and settings\Patricia\k7a9y69u1.exe
c:\documents and settings\Patricia\k8z9s99q9.exe
c:\documents and settings\Patricia\l3n4p58n6.exe
c:\documents and settings\Patricia\l5a4a97i3.exe
c:\documents and settings\Patricia\l5m1b71a4.exe
c:\documents and settings\Patricia\l6y4r21a9.exe
c:\documents and settings\Patricia\l7q2p97q4.exe
c:\documents and settings\Patricia\l8e2y47s5.exe
c:\documents and settings\Patricia\l8k4j12r6.exe
c:\documents and settings\Patricia\l8l6e33w9.exe
c:\documents and settings\Patricia\m1b1e22v1.exe
c:\documents and settings\Patricia\m1b6t14m2.exe
c:\documents and settings\Patricia\m1d4r21d6.exe
c:\documents and settings\Patricia\m6o5u66c3.exe
c:\documents and settings\Patricia\m7n8l26n8.exe
c:\documents and settings\Patricia\n2y2z11d1.exe
c:\documents and settings\Patricia\n3x8k98v3.exe
c:\documents and settings\Patricia\n4n2f59o7.exe
c:\documents and settings\Patricia\n5j6u66c1.exe
c:\documents and settings\Patricia\n5j9m66l9.exe
c:\documents and settings\Patricia\n8m7z84i1.exe
c:\documents and settings\Patricia\n9l7m15l7.exe
c:\documents and settings\Patricia\o5g7b73e8.exe
c:\documents and settings\Patricia\o7n7v24h5.exe
c:\documents and settings\Patricia\p1j4u16k9.exe
c:\documents and settings\Patricia\p2o2f75r6.exe
c:\documents and settings\Patricia\p2v5a26i6.exe
c:\documents and settings\Patricia\p5a3w68c5.exe
c:\documents and settings\Patricia\p8z8f69q5.exe
c:\documents and settings\Patricia\q5k3i83j6.exe
c:\documents and settings\Patricia\r3d9x57b5.exe
c:\documents and settings\Patricia\r4p7h92t7.exe
c:\documents and settings\Patricia\r4w1g45o6.exe
c:\documents and settings\Patricia\rdt2asn9.exe
c:\documents and settings\Patricia\rt2asn9.exe
c:\documents and settings\Patricia\rt2kdkk.exe
c:\documents and settings\Patricia\rt2kkk.exe
c:\documents and settings\Patricia\rtradsfa2.exe
c:\documents and settings\Patricia\rtradsfa3.exe
c:\documents and settings\Patricia\rtradsfc2.exe
c:\documents and settings\Patricia\rtradsfd8.exe
c:\documents and settings\Patricia\rtradsfe2.exe
c:\documents and settings\Patricia\rtradsfe3.exe
c:\documents and settings\Patricia\rtradsff8.exe
c:\documents and settings\Patricia\rtradsfg4.exe
c:\documents and settings\Patricia\rtradsfh2.exe
c:\documents and settings\Patricia\rtradsfh5.exe
c:\documents and settings\Patricia\rtradsfj7.exe
c:\documents and settings\Patricia\rtradsfk2.exe
c:\documents and settings\Patricia\rtradsfn2.exe
c:\documents and settings\Patricia\rtradsfr4.exe
c:\documents and settings\Patricia\rtradsfs3.exe
c:\documents and settings\Patricia\rtradsft1.exe
c:\documents and settings\Patricia\rtradsfy1.exe
c:\documents and settings\Patricia\rtradsfz3.exe
c:\documents and settings\Patricia\s8k6i52c6.exe
c:\documents and settings\Patricia\s8p6c48v3.exe
c:\documents and settings\Patricia\s9i7y33c5.exe
c:\documents and settings\Patricia\s9v8e47n5.exe
c:\documents and settings\Patricia\srtrdas.exe
c:\documents and settings\Patricia\t2c8t29m3.exe
c:\documents and settings\Patricia\t2n2u88j2.exe
c:\documents and settings\Patricia\t6q2n84y4.exe
c:\documents and settings\Patricia\t7l6u38k3.exe
c:\documents and settings\Patricia\t7r4n35o5.exe
c:\documents and settings\Patricia\t8w3a13n1.exe
c:\documents and settings\Patricia\t8y8x91v3.exe
c:\documents and settings\Patricia\t9g3r43z8.exe
c:\documents and settings\Patricia\u2q5p93l2.exe
c:\documents and settings\Patricia\u3d3d59j6.exe
c:\documents and settings\Patricia\u6j8f83l7.exe
c:\documents and settings\Patricia\u7q2b24a1.exe
c:\documents and settings\Patricia\u9q9v95q2.exe
c:\documents and settings\Patricia\v3j3o34h3.exe
c:\documents and settings\Patricia\v4n7a25g7.exe
c:\documents and settings\Patricia\v5t9v69u1.exe
c:\documents and settings\Patricia\v7c8b25a2.exe
c:\documents and settings\Patricia\v8l1y62j2.exe
c:\documents and settings\Patricia\w3c3f63g4.exe
c:\documents and settings\Patricia\w4h5n21o1.exe
c:\documents and settings\Patricia\w5p9q75p1.exe
c:\documents and settings\Patricia\w6y2e23d7.exe
c:\documents and settings\Patricia\w7e1u45t1.exe
c:\documents and settings\Patricia\w7e1w52f6.exe
c:\documents and settings\Patricia\w8d7c28x4.exe
c:\documents and settings\Patricia\w9g2r55n5.exe
c:\documents and settings\Patricia\w9z8w27f7.exe
c:\documents and settings\Patricia\x4u7z74e4.exe
c:\documents and settings\Patricia\x5y1n76j6.exe
c:\documents and settings\Patricia\x6e5w47z5.exe
c:\documents and settings\Patricia\x8g7n23q7.exe
c:\documents and settings\Patricia\x8m5d47g6.exe
c:\documents and settings\Patricia\x9f3u46r6.exe
c:\documents and settings\Patricia\y2h7j53f6.exe
c:\documents and settings\Patricia\y4t7r26q6.exe
c:\documents and settings\Patricia\y5g3o79q1.exe
c:\documents and settings\Patricia\y6t5a36m6.exe
c:\documents and settings\Patricia\y8j2p18m2.exe
c:\documents and settings\Patricia\y8r8k26k1.exe
c:\documents and settings\Patricia\z4c3g28s2.exe
c:\documents and settings\Patricia\z4n3u98w6.exe
c:\documents and settings\Patricia\z7a8g13b2.exe
c:\object\ORIANTED\may1x3.exe
c:\windows\SYSTEM32\dafadrr.exe
c:\windows\SYSTEM32\ddaqaeb2.exe
c:\windows\SYSTEM32\ddaqaeb3.exe
c:\windows\SYSTEM32\ddaqaeb4.exe
c:\windows\SYSTEM32\ddaqaeb8.exe
c:\windows\SYSTEM32\ddaqaec1.exe
c:\windows\SYSTEM32\ddaqaec4.exe
c:\windows\SYSTEM32\ddaqaed4.exe
c:\windows\SYSTEM32\ddaqaed7.exe
c:\windows\SYSTEM32\ddaqaed8.exe
c:\windows\SYSTEM32\ddaqaee1.exe
c:\windows\SYSTEM32\ddaqaee4.exe
c:\windows\SYSTEM32\ddaqaee6.exe
c:\windows\SYSTEM32\ddaqaee9.exe
c:\windows\SYSTEM32\ddaqaef2.exe
c:\windows\SYSTEM32\ddaqaef4.exe
c:\windows\SYSTEM32\ddaqaef6.exe
c:\windows\SYSTEM32\ddaqaef7.exe
c:\windows\SYSTEM32\ddaqaeg9.exe
c:\windows\SYSTEM32\ddaqaeh3.exe
c:\windows\SYSTEM32\ddaqaeh4.exe
c:\windows\SYSTEM32\ddaqaei1.exe
c:\windows\SYSTEM32\ddaqaei2.exe
c:\windows\SYSTEM32\ddaqaei6.exe
c:\windows\SYSTEM32\ddaqaei7.exe
c:\windows\SYSTEM32\ddaqaei8.exe
c:\windows\SYSTEM32\ddaqaej2.exe
c:\windows\SYSTEM32\ddaqaej4.exe
c:\windows\SYSTEM32\ddaqaej7.exe
c:\windows\SYSTEM32\ddaqaek1.exe
c:\windows\SYSTEM32\ddaqaek2.exe
c:\windows\SYSTEM32\ddaqaek4.exe
c:\windows\SYSTEM32\ddaqaek7.exe
c:\windows\SYSTEM32\ddaqael1.exe
c:\windows\SYSTEM32\ddaqael6.exe
c:\windows\SYSTEM32\ddaqaem1.exe
c:\windows\SYSTEM32\ddaqaem3.exe
c:\windows\SYSTEM32\ddaqaem4.exe
c:\windows\SYSTEM32\ddaqaem9.exe
c:\windows\SYSTEM32\ddaqaen1.exe
c:\windows\SYSTEM32\ddaqaen5.exe
c:\windows\SYSTEM32\ddaqaen8.exe
c:\windows\SYSTEM32\ddaqaeo1.exe
c:\windows\SYSTEM32\ddaqaeo2.exe
c:\windows\SYSTEM32\ddaqaeo9.exe
c:\windows\SYSTEM32\ddaqaep1.exe
c:\windows\SYSTEM32\ddaqaep7.exe
c:\windows\SYSTEM32\ddaqaeq4.exe
c:\windows\SYSTEM32\ddaqaeq7.exe
c:\windows\SYSTEM32\ddaqaer2.exe
c:\windows\SYSTEM32\ddaqaes2.exe
c:\windows\SYSTEM32\ddaqaes7.exe
c:\windows\SYSTEM32\ddaqaet3.exe
c:\windows\SYSTEM32\ddaqaet5.exe
c:\windows\SYSTEM32\ddaqaev6.exe
c:\windows\SYSTEM32\ddaqaev9.exe
c:\windows\SYSTEM32\ddaqaew1.exe
c:\windows\SYSTEM32\ddaqaew7.exe
c:\windows\SYSTEM32\ddaqaew8.exe
c:\windows\SYSTEM32\ddaqaex2.exe
c:\windows\SYSTEM32\ddaqaex5.exe
c:\windows\SYSTEM32\ddaqaex6.exe
c:\windows\SYSTEM32\ddaqaey2.exe
c:\windows\SYSTEM32\ddaqaey3.exe
c:\windows\SYSTEM32\ddaqaez3.exe
c:\windows\SYSTEM32\ddaqaez4.exe
c:\windows\SYSTEM32\ddaqaez9.exe
c:\windows\SYSTEM32\ddffadrr.exe
c:\windows\SYSTEM32\dsfffadrr.exe
c:\windows\SYSTEM32\eadjadea2.exe
c:\windows\SYSTEM32\eadjadea4.exe
c:\windows\SYSTEM32\eadjadea6.exe
c:\windows\SYSTEM32\eadjaded4.exe
c:\windows\SYSTEM32\eadjadeg1.exe
c:\windows\SYSTEM32\eadjadeg3.exe
c:\windows\SYSTEM32\eadjadem8.exe
c:\windows\SYSTEM32\eadjadep3.exe
c:\windows\SYSTEM32\eadjades4.exe
c:\windows\SYSTEM32\eadjadeu5.exe
c:\windows\SYSTEM32\eadjadev4.exe
c:\windows\SYSTEM32\eadjadew3.exe
c:\windows\SYSTEM32\eadjadew5.exe
c:\windows\SYSTEM32\eadjadew8.exe
c:\windows\SYSTEM32\eadjadey1.exe
c:\windows\SYSTEM32\eadjadez1.exe
c:\windows\SYSTEM32\eadjadez9.exe
c:\windows\SYSTEM32\efxdzja4.exe
c:\windows\SYSTEM32\efxdzja5.exe
c:\windows\SYSTEM32\efxdzjb3.exe
c:\windows\SYSTEM32\efxdzjh6.exe
c:\windows\SYSTEM32\efxdzji3.exe
c:\windows\SYSTEM32\efxdzjj1.exe
c:\windows\SYSTEM32\efxdzjj3.exe
c:\windows\SYSTEM32\efxdzjk2.exe
c:\windows\SYSTEM32\efxdzjk8.exe
c:\windows\SYSTEM32\efxdzjo8.exe
c:\windows\SYSTEM32\efxdzjp3.exe
c:\windows\SYSTEM32\efxdzjs2.exe
c:\windows\SYSTEM32\efxdzju7.exe
c:\windows\SYSTEM32\ifprq.exe
c:\windows\SYSTEM32\jadaded3.exe
c:\windows\SYSTEM32\jadaded7.exe
c:\windows\SYSTEM32\jadadek3.exe
c:\windows\SYSTEM32\jadadek4.exe
c:\windows\SYSTEM32\jadadel5.exe
c:\windows\SYSTEM32\jadaden4.exe
c:\windows\SYSTEM32\jadadep6.exe
c:\windows\SYSTEM32\jadadet5.exe
c:\windows\SYSTEM32\jadadet7.exe
c:\windows\SYSTEM32\jadadev4.exe
c:\windows\SYSTEM32\jadadex4.exe
c:\windows\SYSTEM32\jadadey1.exe
c:\windows\SYSTEM32\jadadey2.exe
c:\windows\SYSTEM32\jadadey4.exe
c:\windows\SYSTEM32\kazaabackupfiles\administrator.exe
c:\windows\SYSTEM32\kazaabackupfiles\angelina.exe
c:\windows\SYSTEM32\kazaabackupfiles\AquaNox2 Crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\AVP_Crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\Battlefield1942_bloodpatch.exe
c:\windows\SYSTEM32\kazaabackupfiles\britney_spears.exe
c:\windows\SYSTEM32\kazaabackupfiles\C&C Generals_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\celeb.exe
c:\windows\SYSTEM32\kazaabackupfiles\cracker_jack.exe
c:\windows\SYSTEM32\kazaabackupfiles\cracking_tools.exe
c:\windows\SYSTEM32\kazaabackupfiles\FIFA2003 crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\free_root.exe
c:\windows\SYSTEM32\kazaabackupfiles\free_shell.exe
c:\windows\SYSTEM32\kazaabackupfiles\get_admin.exe
c:\windows\SYSTEM32\kazaabackupfiles\hacking.exe
c:\windows\SYSTEM32\kazaabackupfiles\Email Removed_hack.exe
c:\windows\SYSTEM32\kazaabackupfiles\kazza_hack.exe
c:\windows\SYSTEM32\kazaabackupfiles\McAfee.exe
c:\windows\SYSTEM32\kazaabackupfiles\msn.exe
c:\windows\SYSTEM32\kazaabackupfiles\NBA2003_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\norton.exe
c:\windows\SYSTEM32\kazaabackupfiles\password_stealer.exe
c:\windows\SYSTEM32\kazaabackupfiles\phreaking.exe
c:\windows\SYSTEM32\kazaabackupfiles\phreaking_tools.exe
c:\windows\SYSTEM32\kazaabackupfiles\Porn.exe
c:\windows\SYSTEM32\kazaabackupfiles\remoter.exe
c:\windows\SYSTEM32\kazaabackupfiles\root.exe
c:\windows\SYSTEM32\kazaabackupfiles\serial.exe
c:\windows\SYSTEM32\kazaabackupfiles\sms.exe
c:\windows\SYSTEM32\kazaabackupfiles\soldier_of_fortune_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\Sygate_all_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\sygate_firawall_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\tiny_personal_firewall_crack.exe
c:\windows\SYSTEM32\kazaabackupfiles\Unreal2_bloodpatch.exe
c:\windows\SYSTEM32\kazaabackupfiles\UT2003_bloodpatch.exe
c:\windows\SYSTEM32\kazaabackupfiles\xxx.exe
c:\windows\SYSTEM32\kazaabackupfiles\zoneallarm_pro_crack.exe
c:\windows\SYSTEM32\lwlse.exe
.
Infected copy of c:\windows\system32\drivers\SYMC8XX.SYS was found and disinfected
Restored copy from - Kitty had a snack http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_6to4


(((((((((((((((((((((((((   Files Created from 2010-05-28 to 2010-06-28  )))))))))))))))))))))))))))))))
.

2010-06-28 00:04 . 2010-06-28 00:04   --------   d-----w-   c:\program files\Trend Micro
2010-06-27 23:49 . 2004-08-04 03:58   14848   -c--a-w-   c:\windows\system32\drivers\kbdhid.sys
2010-06-27 23:49 . 2004-08-04 03:58   14848   ----a-w-   c:\windows\system32\dllcache\kbdhid.sys
2010-06-20 20:45 . 2010-06-20 20:45   143361   ----a-w-   c:\documents and settings\Patricia\s6w1o64j4.exe
2010-06-09 22:33 . 2010-06-09 22:33   --------   d-sh--r-   c:\windows\system32\avchost
2010-06-09 13:27 . 2010-06-09 13:27   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-09 13:25 . 2010-06-09 13:26   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-08 15:14 . 2010-06-08 15:14   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-06-08 15:14 . 2010-06-08 15:14   10240   ----a-w-   c:\windows\system32\WinSockInstall.exe
2010-06-07 21:31 . 2010-06-07 20:43   241664   ----a-w-   c:\windows\dirstat32.exe
2010-06-07 19:32 . 2010-06-07 19:32   --------   d-sh--r-   c:\documents and settings\NetworkService\Local Settings\Application Data\AMD Drivers
2010-06-07 18:27 . 2010-06-07 18:27   2304   -c--a-w-   c:\windows\system32\mipsinf.sys
2010-06-02 13:18 . 2010-06-02 13:07   397824   -c--a-w-   C:\myhotpics.scr
2010-06-02 13:15 . 2010-06-02 13:15   163840   -c--a-w-   C:\hax.exe
2010-06-02 13:14 . 2010-06-02 13:14   163840   ----a-w-   c:\windows\system32\hax.exe
2010-06-02 00:24 . 2010-06-28 01:20   --------   dc----w-   C:\directory

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 01:18 . 2010-05-26 02:05   --------   d-sh--r-   c:\documents and settings\Patricia\Application Data\recyclerr
2010-06-28 00:04 . 2010-06-28 00:04   388096   ----a-r-   c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 07:04 . 2010-06-06 16:41   112   ----a-w-   c:\documents and settings\All Users\Application Data\5F0VfNY4.dat
2010-06-02 01:33 . 2010-06-02 01:33   72192   ----a-w-   c:\documents and settings\Patricia\Application Data\zceimvc.exe
2010-06-02 01:33 . 2010-06-02 01:33   72192   ----a-w-   c:\documents and settings\Patricia\Application Data\zceimvc.exe
2010-06-02 01:31 . 2010-06-02 01:31   72192   ----a-w-   c:\documents and settings\Patricia\Application Data\juzloyq.exe
2010-06-02 01:31 . 2010-06-02 01:31   72192   ----a-w-   c:\documents and settings\Patricia\Application Data\juzloyq.exe
2010-06-02 01:23 . 2010-06-02 01:23   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\gjqvpyf.exe
2010-06-02 01:23 . 2010-06-02 01:23   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\gjqvpyf.exe
2010-06-02 01:15 . 2010-06-02 01:15   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\lptglmo.exe
2010-06-02 01:15 . 2010-06-02 01:15   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\lptglmo.exe
2010-06-02 01:12 . 2010-06-02 01:12   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\abzylha.exe
2010-06-02 01:12 . 2010-06-02 01:12   643072   ----a-w-   c:\documents and settings\Patricia\Application Data\abzylha.exe
2010-06-02 00:18 . 2010-06-02 00:17   1080233   ----a-w-   c:\documents and settings\Patricia\Application Data\uhnegwu.exe
2010-06-02 00:18 . 2010-06-02 00:17   1080233   ----a-w-   c:\documents and settings\Patricia\Application Data\uhnegwu.exe
2010-06-01 18:57 . 2010-05-26 04:48   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-05-26 04:53 . 2010-05-26 04:53   529   -c--a-w-   C:\firewall.bat
2010-05-26 04:52 . 2010-05-26 04:52   376   -c--a-w-   C:\security.bat
2010-05-26 02:03 . 2010-05-26 02:03   730   ----a-w-   c:\documents and settings&#
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #3 on: June 27, 2010, 09:44:18 PM »
NOTE: Instead of using the REPLY button, just below my reply, can you use the ADD REPLY button instead, this will eliminate the need to quote me when you reply, thanks

Download [color="#FF0000"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
  • If an update is found, it will download and install the latest version.    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish,so please be patient.    
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With the log from MBAM, can I also see the following
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #4 on: June 28, 2010, 07:33:31 PM »
Here are the logs you requested.

Thanks for all your help on this,
Dale

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/28/2010 7:18:16 PM
mbam-log-2010-06-28 (19-18-16).txt

Scan type: Quick scan
Objects scanned: 159311
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64klc5k0-4opm-00we-aax8-17ef1d187666} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-00we-aax5-77ef1d187463} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-33we-aax5-21kc2a2312233} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-00we-aax5-77ef1d187563} (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{13pop6m8-1mad-24ad-jim1-73op5g2223335} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{23mad6m9-4mad-76ad-jim3-73op5g7781022} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5k0-4opm-00we-aax5-27ef1d187263} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{64klc5k0-4opm-00we-aax8-17ef1d187666} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-00we-aax5-77ef1d187463} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-01we-aax5-314cca003177} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{63klc5k0-4opm-00we-aax8-17ef1d187263} (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{64klc5k0-4opm-00we-aax8-27ef1d183366} (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\DREAM\PIANO (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ROM\P-43553JIYW-8374322329-0909090987-120 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\ROM\P-43553JIYW-8374322329-0909090987-120\sys32s.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Max.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\7893d6e7.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall My Web Search.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ntconfig.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\efxdzjx8.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\ddaqaeu1.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\t3o5j28p6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\u2s6g55q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\u2u1u93j5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\u5g1z74h2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w9j6t61r2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w9r2u79n7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\efxdzje8.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\efxdzjl3.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w1p8w76c5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\y2c3f85d8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\y4c6u14l5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\y8h9v46j5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\ddaqaey3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\s1b3l76a1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w2g5o58g8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w6l8m18n6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\z2c5e39m6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\z3z6g46z4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\w1s7t67k9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\dirstat32.exe (Backdoor.LolBot) -> Quarantined and deleted successfully.
C:\WINDOWS\dsujglfA.exe (P2P.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\pav.exe.tmp1 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\pav.exe.tmp10 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\pav.exe.tmp4 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\pav.exe.tmp7 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\DREAM\PIANO\DeSKtOp.InI (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\JAN\J-1-2-34-000000AAAA-11111111111-5555555555-111\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ROM\P-43553JIYW-8374322329-0909090987-120\DeSkToP.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\Local Settings\Application Data\AMD Drivers\AMD_graphics.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\MSWD-7893d6e7.job (Trojan.DNSChanger) -> Quarantined and deleted successfully.



OTL logfile created on: 6/28/2010 7:26:49 PM - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 7.50 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
PRC - [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/25 13:39:52 | 000,259,184 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Yahoo!\Antivirus\iSafe.exe
PRC - [2006/03/25 13:39:52 | 000,201,840 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] --  -- (iPod Service)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (Apple Mobile Device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/25 13:39:52 | 000,259,184 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Antivirus\iSafe.exe -- (CAISafe)
SRV - [2006/03/25 13:39:52 | 000,201,840 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe -- (VETMSGNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/07 13:27:47 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\mipsinf.sys -- (mipsinf)
DRV - [2009/01/22 14:19:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/10/31 20:00:00 | 000,251,264 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0500Vid.sys -- (V0500Dev)
DRV - [2007/08/17 16:09:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/07/23 12:14:52 | 000,879,832 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VetEFile.sys -- (VETEFILE)
DRV - [2007/07/23 12:14:52 | 000,108,360 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VetEBoot.sys -- (VETEBOOT)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 07:53:33 | 000,026,787 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vetmonnt.sys -- (VETMONNT)
DRV - [2006/03/25 13:39:51 | 000,021,031 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Vet-Filt.sys -- (VET-FILT)
DRV - [2006/03/25 13:39:51 | 000,015,735 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VetFDDNT.sys -- (VETFDDNT)
DRV - [2006/03/25 13:39:51 | 000,015,478 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Vet-Rec.sys -- (VET-REC)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/bin/search?p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "cnn.com"
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 09:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 09:19:25 | 000,000,000 | ---D | M]
 
[2009/03/30 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions
[2009/03/30 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions\[email protected]
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0gvk94vz.pat\extensions
[2007/10/10 22:26:45 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0gvk94vz.pat\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/09/20 16:04:31 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0gvk94vz.pat\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2zklgymp.Default User\extensions
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2zklgymp.Default User\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/08/15 17:53:54 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2zklgymp.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\4q90g3ff.luisto\extensions
[2007/10/10 22:26:45 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\4q90g3ff.luisto\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/09/25 19:53:20 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\4q90g3ff.luisto\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\b41gagje.patricia\extensions
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\b41gagje.patricia\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/09/19 08:12:54 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\b41gagje.patricia\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/06 12:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\is1ajgcd.adsfrasdfasdf\extensions
[2007/12/06 12:46:04 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\is1ajgcd.adsfrasdfasdf\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/20 06:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\njc1lodw.serhsfghfshnet\extensions
[2009/09/03 06:13:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\njc1lodw.serhsfghfshnet\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/14 03:18:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\njc1lodw.serhsfghfshnet\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2007/11/25 13:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\rwnirsj3.asdfagfafg\extensions
[2007/11/25 13:58:03 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\rwnirsj3.asdfagfafg\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\te0mdbit.luis\extensions
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\te0mdbit.luis\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/08/23 16:19:17 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\te0mdbit.luis\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\extensions
[2007/10/10 22:26:44 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/12/08 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\ytzxsw6o.wfdadsfasdfasfasdf\extensions
[2007/12/08 23:17:30 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\ytzxsw6o.wfdadsfasdfasfasdf\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/29 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\z6reike9.dude\extensions
[2007/10/29 16:59:06 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\z6reike9.dude\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/05/17 16:10:44 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\ask.gif
[2006/05/17 16:10:44 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\ask.src
[2006/05/21 17:20:15 | 000,002,883 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\espn.png
[2006/05/21 17:20:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\espn.src
[2006/12/15 20:04:55 | 000,003,514 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\foodtv.png
[2006/12/15 20:04:55 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\foodtv.src
[2006/05/21 17:20:30 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\hollywood.gif
[2006/05/21 17:20:30 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\hollywood.src
[2006/10/10 18:31:17 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\jeeves.gif
[2006/10/10 18:31:17 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\jeeves.src
[2006/12/11 20:33:27 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\webster.gif
[2006/12/11 20:33:27 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\webster.src
[2006/10/22 20:01:10 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\wikipedia.png
[2006/10/22 20:01:10 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\wikipedia.src
[2006/05/21 17:43:43 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\yahooligans.png
[2006/05/21 17:43:43 | 000,001,101 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\yahooligans.src
[2006/05/21 17:42:48 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\yanswers.gif
[2006/05/21 17:42:48 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\uonvb84r.default\searchplugins\yanswers.src
[2010/05/20 06:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/06/27 12:55:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/06/27 20:23:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/28 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/06/28 19:06:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/28 19:06:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/28 19:02:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/28 19:02:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/28 19:01:03 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Patricia\Desktop\ATF-Cleaner.exe
[2010/06/27 20:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 20:43:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/27 19:40:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/27 19:35:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/27 19:35:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/27 19:35:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/27 19:35:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/27 19:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 19:28:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 19:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/27 18:49:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/06/20 15:45:07 | 000,143,361 | ---- | C] (DFoWrcHJ3V) -- C:\Documents and Settings\Patricia\s6w1o64j4.exe
[2010/06/09 17:33:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\avchost
[2010/06/09 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/09 08:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/09 08:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/08 10:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/06/08 02:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 14:32:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AMD Drivers
[2010/06/07 02:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/02 08:18:07 | 000,397,824 | ---- | C] (Microsoft) -- C:\myhotpics.scr
[2010/06/02 08:15:03 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\hax.exe
[2010/06/02 08:14:38 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\WINDOWS\System32\hax.exe
[2010/06/01 20:33:30 | 000,072,192 | ---- | C] (QQyXa) -- C:\Documents and Settings\Patricia\Application Data\zceimvc.exe
[2010/06/01 20:31:16 | 000,072,192 | ---- | C] (QQyXa) -- C:\Documents and Settings\Patricia\Application Data\juzloyq.exe
[2010/06/01 20:23:36 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe
[2010/06/01 20:15:07 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\lptglmo.exe
[2010/06/01 20:12:46 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\abzylha.exe
[2010/06/01 19:24:44 | 000,000,000 | ---D | C] -- C:\directory
[2010/06/01 19:17:34 | 001,080,233 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\uhnegwu.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/28 19:22:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/28 19:20:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/28 19:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/28 19:19:56 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT
[2010/06/28 19:19:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia\NTUSER.INI
[2010/06/28 19:06:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/28 19:02:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/28 19:01:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Patricia\Desktop\ATF-Cleaner.exe
[2010/06/28 19:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010UA.job
[2010/06/27 20:23:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/27 20:23:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/06/27 19:41:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/27 19:27:15 | 003,722,103 | R--- | M] () -- C:\Documents and Settings\Patricia\Desktop\ComboFix.exe
[2010/06/27 19:04:42 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:02:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/20 15:45:09 | 000,143,361 | ---- | M] (DFoWrcHJ3V) -- C:\Documents and Settings\Patricia\s6w1o64j4.exe
[2010/06/13 02:04:02 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/06/12 05:02:41 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010Core.job
[2010/06/08 10:14:39 | 000,000,037 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/08 10:14:34 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 13:27:47 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\mipsinf.sys
[2010/06/07 02:18:20 | 000,047,248 | ---- | M] () -- C:\debug
[2010/06/02 08:15:06 | 000,163,840 | ---- | M] (s328355Wx998331WLd785) -- C:\hax.exe
[2010/06/02 08:14:45 | 000,163,840 | ---- | M] (s328355Wx998331WLd785) -- C:\WINDOWS\System32\hax.exe
[2010/06/02 08:07:46 | 000,397,824 | ---- | M] (Microsoft) -- C:\myhotpics.scr
[2010/06/01 20:33:32 | 000,072,192 | ---- | M] (QQyXa) -- C:\Documents and Settings\Patricia\Application Data\zceimvc.exe
[2010/06/01 20:31:17 | 000,072,192 | ---- | M] (QQyXa) -- C:\Documents and Settings\Patricia\Application Data\juzloyq.exe
[2010/06/01 20:23:44 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe
[2010/06/01 20:15:12 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\lptglmo.exe
[2010/06/01 20:12:52 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\abzylha.exe
[2010/06/01 19:18:04 | 001,080,233 | ---- | M] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\uhnegwu.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/28 19:06:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:41:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/27 19:40:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/27 19:35:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/27 19:35:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/27 19:35:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/27 19:35:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 19:35:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/27 19:25:35 | 003,722,103 | R--- | C] () -- C:\Documents and Settings\Patricia\Desktop\ComboFix.exe
[2010/06/27 19:04:13 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:01:40 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/08 10:14:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 13:27:47 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\mipsinf.sys
[2010/06/07 02:18:20 | 000,047,248 | ---- | C] () -- C:\debug
[2010/06/06 11:41:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2007/08/15 16:57:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/21 07:04:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/21 07:03:16 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/21 07:00:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/03/17 15:22:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 20:27:21 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hkwjpiz..ini
[2006/03/23 19:41:40 | 000,000,238 | ---- | C] () -- C:\WINDOWS\104elosn.ini
[2006/03/16 04:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/03/06 20:07:48 | 000,001,842 | ---- | C] () -- C:\WINDOWS\Jglnmdvu.ini
[2005/12/25 21:30:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/25 21:29:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/25 21:27:54 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSPictureMate.ini
[2005/03/24 12:18:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\picturific.ini
[2005/03/24 11:57:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/23 22:17:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/17 09:59:13 | 000,001,673 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/07 21:05:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/31 01:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/31 01:44:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/31 01:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/31 01:02:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/05 23:09:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2003/07/14 14:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >


OTL Extras logfile created on: 6/28/2010 7:26:49 PM - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 7.50 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4064:UDP" = 4064:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"4065:UDP" = 4065:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe" = C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album 5 Application -- (Jasc Software)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:En
Logged

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #5 on: June 28, 2010, 07:40:01 PM »
I thought I'd mention that things do seem better on this system.  I'm not seeing that pop up about .Net with the 509 anymore.

I still can't run firefox though.  When I start it, I see a dialog box that has XULRunner in the title bar.  The text in the box says "Error: Platform version '1.90.0.18' is not compatible with minVersion >= 1.9.0.19 maxVersion <= 1.9.0.19.

I'm sure we're not done yet but I thought I'd let you know what I'm seeing now.

Take care,
Dale
Logged

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #6 on: June 28, 2010, 08:01:15 PM »
Guestolo,

I hope it's not a problem but as I went to shutdown that problematic system, Windows wanted to apply a bunch of updates - looks to be about 20 including a lot of security updates and IE8, and I let it.

I'll see what happens when it's all done.  Hopefully IE8 will not be an issue.

When you can, let me know what I need to do.

Thank you,
Dale
Logged

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #7 on: June 28, 2010, 09:31:52 PM »
Well, SP3 has been installed.  Things don't seem worse at least.

Dale
Logged

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #8 on: July 01, 2010, 09:41:00 PM »
Hi,

I went ahead and did a few things tonight.  Some I think you would have had me do, and others, installing McAfee, maybe not.  I did uninstall java, adobe, firefox, and the ancient virus protection software the system had first.  Then I reinstalled them all.

The system seems to be running okay now.

I just reran OTL.  Here are updated log files.

When you have time, please let me know how things are based on what you see.

Thank you,
Dale

OTL logfile created on: 7/1/2010 9:30:52 PM - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 160.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 4.83 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/24 13:44:40 | 000,262,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsmap.exe
PRC - [2010/02/24 13:16:08 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] --  -- (iPod Service)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/28 17:13:42 | 000,820,488 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Documents and Settings\Patricia\Local Settings\temp\0003621278036491mcinst.exe -- (0003621278036491mcinstcleanup) McAfee Application Installer Cleanup (0003621278036491)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/01/22 14:19:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/31 20:00:00 | 000,251,264 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0500Vid.sys -- (V0500Dev)
DRV - [2007/08/17 16:09:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/bin/search?p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.thetechguide.com/forum/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 20:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 20:25:33 | 000,000,000 | ---D | M]
 
[2010/07/01 20:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions
[2009/03/30 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions\[email protected]
[2010/07/01 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions
[2010/07/01 20:36:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/01 20:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 20:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/01 20:21:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/27 12:55:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/06/27 20:23:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patricia\My Documents\My Pictures\Main Event's\Spring Break 09\FLORIDA 108.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/01 21:08:25 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/01 21:08:25 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/07/01 21:08:25 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/01 21:08:19 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/01 21:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/07/01 21:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/01 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/01 21:04:15 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/07/01 20:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 20:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/01 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\My Documents\Downloads
[2010/07/01 20:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/01 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/01 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/01 20:09:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IECompatCache
[2010/06/28 21:29:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\PrivacIE
[2010/06/28 21:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/28 20:53:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/28 20:53:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/28 20:36:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/28 20:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/28 20:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IETldCache
[2010/06/28 20:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/28 20:19:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/28 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/06/28 19:06:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/28 19:06:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/28 19:02:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/28 19:02:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/27 20:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 20:43:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/27 19:40:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/27 19:35:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/27 19:35:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/27 19:35:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/27 19:35:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/27 19:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 19:28:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 19:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/09 17:33:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\avchost
[2010/06/09 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/09 08:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/09 08:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/08 10:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/06/08 02:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 14:32:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AMD Drivers
[2010/06/07 02:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/02 08:15:03 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\hax.exe
[2010/06/02 08:14:38 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\WINDOWS\System32\hax.exe
[2010/06/01 20:23:36 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe
[2010/06/01 20:15:07 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\lptglmo.exe
[2010/06/01 20:12:46 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\abzylha.exe
[2010/06/01 19:24:44 | 000,000,000 | ---D | C] -- C:\directory
[2010/06/01 19:17:34 | 001,080,233 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\uhnegwu.exe
[2010/05/25 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 21:05:25 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Application Data\recyclerr
[2010/05/25 17:44:36 | 000,065,536 | ---- | C] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/25 15:54:55 | 000,000,000 | ---D | C] -- C:\dir
[2010/05/25 12:50:49 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\nssfgah.exe
[2010/05/25 12:37:18 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\AMD Drivers
[2010/05/24 21:57:07 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\ezbjsai.exe
[2010/05/24 17:39:37 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\qhnszxa.exe
[2010/05/23 20:51:26 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Intel Pro
[2010/05/23 19:51:25 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\refcmhh.exe
[2010/05/23 19:40:50 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\hzxrjcj.exe
[2010/05/23 19:38:14 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\ATI Drivers
[2010/05/23 19:37:52 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\mmnommd.exe
[2010/05/23 19:32:43 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\ewbzgrl.exe
[2010/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/20 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/08 14:46:07 | 000,000,000 | R--D | C] -- C:\OBJECT
[2010/04/24 17:10:25 | 000,000,000 | R--D | C] -- C:\DODA
[2010/04/20 20:55:22 | 000,000,000 | R--D | C] -- C:\MEMO
[2010/04/17 20:19:35 | 000,000,000 | R--D | C] -- C:\DRIVE
[2010/04/14 12:50:14 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/05 18:04:26 | 000,000,000 | R--D | C] -- C:\EASTER
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/01 21:18:02 | 000,023,049 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/01 21:12:10 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 21:03:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/01 21:03:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 21:02:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/01 21:02:12 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT
[2010/07/01 21:02:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia\NTUSER.INI
[2010/07/01 21:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010UA.job
[2010/07/01 21:00:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/01 20:34:12 | 000,069,416 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 20:30:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/01 20:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:15:00 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 21:29:16 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/28 21:29:16 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/28 21:29:15 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:26:35 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 20:43:50 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/06/28 20:29:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/28 19:02:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/27 20:23:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/06/27 20:23:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/06/27 19:41:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/27 19:04:42 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:02:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/13 02:04:02 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/06/12 05:02:41 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010Core.job
[2010/06/08 10:14:39 | 000,000,037 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/08 10:14:34 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | M] () -- C:\debug
[2010/06/02 08:15:06 | 000,163,840 | ---- | M] (s328355Wx998331WLd785) -- C:\hax.exe
[2010/06/02 08:14:45 | 000,163,840 | ---- | M] (s328355Wx998331WLd785) -- C:\WINDOWS\System32\hax.exe
[2010/06/01 20:23:44 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe
[2010/06/01 20:15:12 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\lptglmo.exe
[2010/06/01 20:12:52 | 000,643,072 | ---- | M] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\abzylha.exe
[2010/05/25 23:53:03 | 000,000,529 | ---- | M] () -- C:\firewall.bat
[2010/05/25 23:52:54 | 000,000,376 | ---- | M] () -- C:\security.bat
[2010/05/25 21:03:37 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\dlueevb.exe
[2010/05/25 21:02:26 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe
[2010/05/25 17:44:47 | 000,065,536 | ---- | M] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/25 13:11:17 | 000,092,283 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe
[2010/05/25 13:09:19 | 000,106,034 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe
[2010/05/23 18:01:43 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/23 14:08:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\mlckvul.exe
[2010/05/12 03:07:39 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 17:34:32 | 000,042,132 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\wklnhst.dat
[2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/01 21:17:02 | 000,023,049 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/01 21:12:10 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:38 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 20:19:10 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:14:59 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:41:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/27 19:40:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/27 19:35:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/27 19:35:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/27 19:35:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/27 19:35:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 19:35:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/27 19:04:13 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:01:40 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/08 10:14:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | C] () -- C:\debug
[2010/06/06 11:41:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/05/25 23:53:02 | 000,000,529 | ---- | C] () -- C:\firewall.bat
[2010/05/25 23:52:53 | 000,000,376 | ---- | C] () -- C:\security.bat
[2010/05/25 21:03:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\dlueevb.exe
[2010/05/25 21:02:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe
[2010/05/25 13:11:16 | 000,092,283 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe
[2010/05/25 13:09:18 | 000,106,034 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe
[2010/05/23 14:08:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\mlckvul.exe
[2007/08/15 16:57:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/21 07:04:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/21 07:03:16 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/21 07:00:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/03/17 15:22:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 20:27:21 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hkwjpiz..ini
[2006/03/23 19:41:40 | 000,000,238 | ---- | C] () -- C:\WINDOWS\104elosn.ini
[2006/03/16 04:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/03/06 20:07:48 | 000,001,842 | ---- | C] () -- C:\WINDOWS\Jglnmdvu.ini
[2005/12/25 21:30:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/25 21:29:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/25 21:27:54 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSPictureMate.ini
[2005/03/24 12:18:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\picturific.ini
[2005/03/24 11:57:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/23 22:17:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/17 09:59:13 | 000,001,673 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/07 21:05:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/31 01:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/31 01:44:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/31 01:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/31 01:02:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/05 23:09:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2003/07/14 14:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
========== LOP Check ==========
 
[2007/11/30 00:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/12/14 20:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/04/21 06:56:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/12/28 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2007/04/21 07:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/01 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/23 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/09/20 19:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 23:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/23 22:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\acccore
[2008/07/21 20:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Azureus
[2009/04/16 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Canon
[2010/05/25 00:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Ehbeu
[2006/07/11 11:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\iMesh
[2005/02/28 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Leadertech
[2009/04/22 07:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\LimeWire
[2007/08/20 01:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Morpheus Software
[2009/08/01 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\MSNInstaller
[2007/09/08 16:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\NewSoft
[2009/03/03 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\PlayFirst
[2007/07/13 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Printer Info Cache
[2010/06/27 20:18:52 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Patricia\Application Data\recyclerr
[2007/04/21 07:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ScanSoft
[2007/05/03 16:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Viewpoint
[2007/08/22 06:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Wal-Mart Digital Photo Viewer
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >



OTL Extras logfile created on: 6/28/2010 7:26:49 PM - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 7.50 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4064:UDP" = 4064:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"4065:UDP" = 4065:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe" = C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album 5 Application -- (Jasc Software)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe" = C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe:*:Disabled:iMesh 6 -- (iMesh, Inc)
"C:\Program Files\K-Lite\kazaa.core" = C:\Program Files\K-Lite\kazaa.core:*:Disabled:Kazaa -- (Sharman Networks)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Yahoo!\browser\ycommon.exe" = C:\Program Files\Yahoo!\browser\ycommon.exe:*:Disabled:YCommon Exe Module -- (Yahoo!, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Documents and Settings\Louie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Louie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Louie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Louie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\aimini P2P software\aimini.exe" = C:\aimini P2P software\aimini.exe:*:Enabled:Aimini P2P Software -- (aimini.com)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FBC5420-9BFB-4E3E-942A-4AD41269C811}" = CinemaNow for Media Center
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #9 on: July 02, 2010, 08:23:57 PM »
Very sorry for the delay, I'll ensure to get back more often
Can you do the following for me please

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #10 on: July 03, 2010, 07:19:32 AM »
Thanks for getting back!  I figured you would be taking this holiday weekend off and I was going to also.  :-)  Anyway, I've posted the log you requested below.  The one thing I know needs to be done to this system is to free up some space on the hard drive!  I noticed a bunch of weird .exe files in one of the my documents folders and I simply deleted them.  About half the drive has music and pictures on it.  The rest, I'm not so sure.

Dale

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Bonjour
Canon MP Navigator 2.2
Canon MP530
Canon MP530 User Registration
Canon Utilities Easy-PhotoPrint
CinemaNow for Media Center
CleanUp!
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DellSupport
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
EarthLink setup files
Easy-WebPrint
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Printer Software
Google Talk Plugin
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 20
Live! Cam Center
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft WinUsb 1.0
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
neroxml
Picture Package
QuickTime
SBC Yahoo! Applications
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Shockwave
Sonic Update Manager
Sony USB Driver
SoundMAX
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB MP3 Application
USB MP3 Player Win98 Drivers
Viewpoint Media Player
Visual IP InSight(SBC)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #11 on: July 03, 2010, 10:24:50 AM »
Quote
noticed a bunch of weird .exe files in one of the my documents folders and I simply deleted them.

I'm not sure what you got rid of, so the next set of instructions, may or may not find some files leftover
First: Access your Add/Remove Programs and remove the following
Viewpoint Media Player


Double  click on OTL.exe and Run it
  • Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    [2010/06/02 08:15:03 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\hax.exe
    [2010/06/02 08:14:38 | 000,163,840 | ---- | C] (s328355Wx998331WLd785) -- C:\WINDOWS\System32\hax.exe
    [2010/06/01 20:23:36 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe
    [2010/06/01 20:15:07 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\lptglmo.exe
    [2010/06/01 20:12:46 | 000,643,072 | ---- | C] (DQ06ToAw3l) -- C:\Documents and Settings\Patricia\Application Data\abzylha.exe
    [2010/06/01 19:17:34 | 001,080,233 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\uhnegwu.exe
    [2010/05/25 21:05:25 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Application Data\recyclerr
    [2010/05/25 12:50:49 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\nssfgah.exe
    [2010/05/24 21:57:07 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\ezbjsai.exe
    [2010/05/24 17:39:37 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\qhnszxa.exe
    [2010/05/23 19:51:25 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\refcmhh.exe
    [2010/05/23 19:40:50 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\hzxrjcj.exe
    [2010/05/23 19:37:52 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\mmnommd.exe
    [2010/05/23 19:32:43 | 000,039,424 | ---- | C] (Microsoft) -- C:\Documents and Settings\Patricia\Application Data\ewbzgrl.exe
    :Reg
    :Files
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the [color="#FF0000"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

With that log from OTL, can you run OTL.exe again and choose "Quick Scan"
Post the new log that opens
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #12 on: July 03, 2010, 11:04:46 AM »
Below are the logs you requested.  FYI, between posts, McAfee was busy and removed three programs and quarantined over 1,000.

These logs are from after McAfee did its thing.

Thank you again for your help on this,
Dale

All processes killed
========== OTL ==========
C:\hax.exe moved successfully.
C:\WINDOWS\SYSTEM32\hax.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\gjqvpyf.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\lptglmo.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\abzylha.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\uhnegwu.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\recyclerr folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\nssfgah.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\ezbjsai.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\qhnszxa.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\refcmhh.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\hzxrjcj.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\mmnommd.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\ewbzgrl.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Big Lou
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2654342 bytes
->Flash cache emptied: 0 bytes
 
User: Louie
->Temp folder emptied: 12304 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 930156 bytes
->FireFox cache emptied: 36367992 bytes
->Flash cache emptied: 2407 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 348 bytes
 
User: Patricia
->Temp folder emptied: 115888 bytes
->Temporary Internet Files folder emptied: 5877709 bytes
->Java cache emptied: 28010658 bytes
->FireFox cache emptied: 36184118 bytes
->Apple Safari cache emptied: 40851162 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32405138 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 175.00 mb
 
 
OTL by OldTimer - Version 3.2.7.0 log created on 07032010_104731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





OTL logfile created on: 7/3/2010 10:54:22 AM - Run 3
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 77.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 5.10 Gb Free Space | 7.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
PRC - [2010/06/26 03:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] --  -- (iPod Service)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] --  -- (0003621278036491mcinstcleanup) McAfee Application Installer Cleanup (0003621278036491)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/01/22 14:19:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/31 20:00:00 | 000,251,264 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0500Vid.sys -- (V0500Dev)
DRV - [2007/08/17 16:09:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/bin/search?p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.thetechguide.com/forum/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 20:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 20:25:33 | 000,000,000 | ---D | M]
 
[2010/07/01 20:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions
[2009/03/30 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions\[email protected]
[2010/07/03 10:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions
[2010/07/01 20:36:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 10:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 20:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/01 20:21:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/27 12:55:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/06/27 20:23:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patricia\My Documents\My Pictures\Main Event's\Spring Break 09\FLORIDA 108.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/03 10:47:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 21:08:25 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/01 21:08:25 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/07/01 21:08:25 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/01 21:08:19 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/01 21:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/07/01 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/01 21:04:15 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/07/01 20:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 20:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/01 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\My Documents\Downloads
[2010/07/01 20:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/01 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/01 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/01 20:09:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IECompatCache
[2010/06/28 21:29:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\PrivacIE
[2010/06/28 21:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/28 20:53:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/28 20:53:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/28 20:36:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/28 20:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/28 20:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IETldCache
[2010/06/28 20:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/28 20:19:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/28 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/06/28 19:06:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/28 19:06:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/28 19:02:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/28 19:02:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/27 20:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 20:43:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/27 19:40:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/27 19:35:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/27 19:35:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/27 19:35:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/27 19:35:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/27 19:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 19:28:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 19:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/09 17:33:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\avchost
[2010/06/09 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/09 08:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/09 08:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/08 10:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/06/08 02:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 14:32:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AMD Drivers
[2010/06/07 02:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/01 19:24:44 | 000,000,000 | ---D | C] -- C:\directory
[2010/05/25 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 17:44:36 | 000,065,536 | ---- | C] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/25 15:54:55 | 000,000,000 | ---D | C] -- C:\dir
[2010/05/25 12:37:18 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\AMD Drivers
[2010/05/23 20:51:26 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Intel Pro
[2010/05/23 19:38:14 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\ATI Drivers
[2010/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/20 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/08 14:46:07 | 000,000,000 | R--D | C] -- C:\OBJECT
[2010/04/24 17:10:25 | 000,000,000 | R--D | C] -- C:\DODA
[2010/04/20 20:55:22 | 000,000,000 | R--D | C] -- C:\MEMO
[2010/04/17 20:19:35 | 000,000,000 | R--D | C] -- C:\DRIVE
[2010/04/14 12:50:14 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/05 18:04:26 | 000,000,000 | R--D | C] -- C:\EASTER
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/03 11:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010UA.job
[2010/07/03 10:51:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/03 10:51:22 | 000,023,585 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/03 10:50:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/03 10:50:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/03 10:49:15 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT
[2010/07/03 10:49:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia\NTUSER.INI
[2010/07/03 10:44:39 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/07/01 21:12:10 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 21:00:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/01 20:34:12 | 000,069,416 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 20:30:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/01 20:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:15:00 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 21:29:16 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/28 21:29:16 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/28 21:29:15 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:26:35 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 20:43:50 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/06/28 20:29:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/28 19:02:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe
[2010/06/27 20:23:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/06/27 20:23:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/06/27 19:41:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/27 19:02:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/13 02:04:02 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/06/12 05:02:41 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010Core.job
[2010/06/08 10:14:39 | 000,000,037 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/08 10:14:34 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | M] () -- C:\debug
[2010/05/25 23:53:03 | 000,000,529 | ---- | M] () -- C:\firewall.bat
[2010/05/25 23:52:54 | 000,000,376 | ---- | M] () -- C:\security.bat
[2010/05/25 21:03:37 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\dlueevb.exe
[2010/05/25 21:02:26 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe
[2010/05/25 17:44:47 | 000,065,536 | ---- | M] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/25 13:11:17 | 000,092,283 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe
[2010/05/25 13:09:19 | 000,106,034 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe
[2010/05/23 18:01:43 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/23 14:08:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\mlckvul.exe
[2010/05/12 03:07:39 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 17:34:32 | 000,042,132 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\wklnhst.dat
[2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/01 21:17:02 | 000,023,585 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/01 21:12:10 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:38 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 20:19:10 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:14:59 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:41:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/27 19:40:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/27 19:35:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/27 19:35:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/27 19:35:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/27 19:35:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 19:35:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/27 19:04:13 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:01:40 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/08 10:14:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | C] () -- C:\debug
[2010/06/06 11:41:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/05/25 23:53:02 | 000,000,529 | ---- | C] () -- C:\firewall.bat
[2010/05/25 23:52:53 | 000,000,376 | ---- | C] () -- C:\security.bat
[2010/05/25 21:03:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\dlueevb.exe
[2010/05/25 21:02:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe
[2010/05/25 13:11:16 | 000,092,283 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe
[2010/05/25 13:09:18 | 000,106,034 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe
[2010/05/23 14:08:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\mlckvul.exe
[2007/08/15 16:57:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/21 07:04:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/21 07:03:16 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/21 07:00:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/03/17 15:22:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 20:27:21 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hkwjpiz..ini
[2006/03/23 19:41:40 | 000,000,238 | ---- | C] () -- C:\WINDOWS\104elosn.ini
[2006/03/16 04:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/03/06 20:07:48 | 000,001,842 | ---- | C] () -- C:\WINDOWS\Jglnmdvu.ini
[2005/12/25 21:30:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/25 21:29:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/25 21:27:54 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSPictureMate.ini
[2005/03/24 12:18:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\picturific.ini
[2005/03/24 11:57:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/23 22:17:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/17 09:59:13 | 000,001,673 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/07 21:05:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/31 01:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/31 01:44:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/31 01:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/31 01:02:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/05 23:09:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2003/07/14 14:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
========== LOP Check ==========
 
[2007/11/30 00:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/12/14 20:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/04/21 06:56:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/12/28 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2007/04/21 07:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/01 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/23 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/09/20 19:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 23:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/23 22:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\acccore
[2008/07/21 20:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Azureus
[2009/04/16 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Canon
[2010/05/25 00:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Ehbeu
[2006/07/11 11:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\iMesh
[2005/02/28 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Leadertech
[2009/04/22 07:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\LimeWire
[2007/08/20 01:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Morpheus Software
[2009/08/01 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\MSNInstaller
[2007/09/08 16:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\NewSoft
[2009/03/03 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\PlayFirst
[2007/07/13 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Printer Info Cache
[2007/04/21 07:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ScanSoft
[2007/05/03 16:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Viewpoint
[2007/08/22 06:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Wal-Mart Digital Photo Viewer
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #13 on: July 03, 2010, 11:32:07 AM »
Double  click on OTL.exe and Run it
  • Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
    O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF56413F-9398-4DF5-BC88-6FC3B227D5C5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
    [2010/06/28 19:02:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe

    :Reg
    :Files
    C:\Program Files\AskTBar
    C:\Program Files\Viewpoint
    C:\WINDOWS\System32\avchost
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Patricia\Application Data\Viewpoint
    C:\Documents and Settings\Patricia\Application Data\dlueevb.exe
    C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe
    C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe
    C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe
    C:\Documents and Settings\Patricia\Application Data\mlckvul.exe
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the [color="#FF0000"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Again, can you also do a Quick Scan with OTL and post it's new log too
Keep me informed how things are now running

In addition: Do you know anything about the next couple files
C:\firewall.bat
C:\security.bat
If you don't know what they are, navigate to them, don't double click on them, instead, right click on each and choose EDIT
Can you copy/paste back here the contents of each please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #14 on: July 03, 2010, 12:08:29 PM »
Here are the log files and the contents of those bat files, which I have no idea what they're for or where they came from.

Thank Guestolo,
Dale

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
File C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EF56413F-9398-4DF5-BC88-6FC3B227D5C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF56413F-9398-4DF5-BC88-6FC3B227D5C5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
C:\Documents and Settings\Patricia\Desktop\mbam-setup-1.46.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskTBar\SrchAstt\1.bin folder moved successfully.
C:\Program Files\AskTBar\SrchAstt folder moved successfully.
C:\Program Files\AskTBar\PopSwatr\History folder moved successfully.
C:\Program Files\AskTBar\PopSwatr folder moved successfully.
C:\Program Files\AskTBar\bar\Settings folder moved successfully.
C:\Program Files\AskTBar\bar\History folder moved successfully.
C:\Program Files\AskTBar\bar\Cache folder moved successfully.
C:\Program Files\AskTBar\bar\1.bin folder moved successfully.
C:\Program Files\AskTBar\bar folder moved successfully.
C:\Program Files\AskTBar folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Program Files\Viewpoint\Common folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
C:\WINDOWS\System32\avchost folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Patricia\Application Data\dlueevb.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\arkqbuo.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\dmqyarj.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\iqnnzya.exe moved successfully.
C:\Documents and Settings\Patricia\Application Data\mlckvul.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Big Lou
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Louie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Patricia
->Temp folder emptied: 1200 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22963288 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 22.00 mb
 
 
OTL by OldTimer - Version 3.2.7.0 log created on 07032010_115022

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





OTL logfile created on: 7/3/2010 11:57:03 AM - Run 4
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.86 Gb Total Space | 5.10 Gb Free Space | 7.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HERNANDEZ
Current User Name: Patricia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
PRC - [2010/06/26 03:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] --  -- (iPod Service)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] --  -- (0003621278036491mcinstcleanup) McAfee Application Installer Cleanup (0003621278036491)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/01/22 14:19:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/31 20:00:00 | 000,251,264 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0500Vid.sys -- (V0500Dev)
DRV - [2007/08/17 16:09:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/bin/search?p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.thetechguide.com/forum/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 20:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 20:25:33 | 000,000,000 | ---D | M]
 
[2010/07/01 20:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions
[2009/03/30 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions\[email protected]
[2010/07/03 10:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions
[2010/07/01 20:36:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\pqkryrrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 10:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 20:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/01 20:21:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/27 12:55:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
 
O1 HOSTS File: ([2010/06/27 20:23:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patricia\My Documents\My Pictures\Main Event's\Spring Break 09\FLORIDA 108.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/03 10:47:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 21:08:25 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/01 21:08:25 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/07/01 21:08:25 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/01 21:08:19 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/01 21:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/07/01 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/01 21:04:15 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/07/01 20:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 20:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/01 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\My Documents\Downloads
[2010/07/01 20:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/01 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/01 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/01 20:09:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IECompatCache
[2010/06/28 21:29:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\PrivacIE
[2010/06/28 21:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/28 20:53:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/28 20:53:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/28 20:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/28 20:36:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/28 20:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/28 20:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patricia\IETldCache
[2010/06/28 20:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/28 20:19:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/28 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/06/28 19:06:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/28 19:06:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/28 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/28 19:02:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/27 20:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 20:43:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/27 19:40:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/27 19:35:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/27 19:35:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/27 19:35:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/27 19:35:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/27 19:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 19:28:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 19:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/09 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/09 08:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/09 08:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/08 10:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/06/08 02:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 14:32:28 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AMD Drivers
[2010/06/07 02:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/06/01 19:24:44 | 000,000,000 | ---D | C] -- C:\directory
[2010/05/25 23:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/25 17:44:36 | 000,065,536 | ---- | C] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/25 15:54:55 | 000,000,000 | ---D | C] -- C:\dir
[2010/05/25 12:37:18 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\AMD Drivers
[2010/05/23 20:51:26 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Intel Pro
[2010/05/23 19:38:14 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\ATI Drivers
[2010/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/20 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/08 14:46:07 | 000,000,000 | R--D | C] -- C:\OBJECT
[2010/04/24 17:10:25 | 000,000,000 | R--D | C] -- C:\DODA
[2010/04/20 20:55:22 | 000,000,000 | R--D | C] -- C:\MEMO
[2010/04/17 20:19:35 | 000,000,000 | R--D | C] -- C:\DRIVE
[2010/04/14 12:50:14 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/05 18:04:26 | 000,000,000 | R--D | C] -- C:\EASTER
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/03 12:01:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010UA.job
[2010/07/03 11:53:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/03 11:52:48 | 000,023,585 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/03 11:51:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/03 11:51:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/03 11:50:48 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT
[2010/07/03 11:50:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia\NTUSER.INI
[2010/07/03 10:44:39 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/07/01 21:12:10 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 21:00:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/01 20:34:12 | 000,069,416 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 20:30:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/01 20:19:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:15:00 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 21:29:16 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/28 21:29:16 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/28 21:29:15 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/28 21:26:35 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 20:43:50 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/06/28 20:29:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 19:02:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/06/27 20:23:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/06/27 20:23:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/06/27 19:41:00 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/27 19:02:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/13 02:04:02 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/06/12 05:02:41 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2785472910-173239731-3353589407-1010Core.job
[2010/06/08 10:14:39 | 000,000,037 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/08 10:14:34 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | M] () -- C:\debug
[2010/05/25 23:53:03 | 000,000,529 | ---- | M] () -- C:\firewall.bat
[2010/05/25 23:52:54 | 000,000,376 | ---- | M] () -- C:\security.bat
[2010/05/25 17:44:47 | 000,065,536 | ---- | M] ( ) -- C:\Documents and Settings\Patricia\Application Data\Interop.MessengerAPI.dll
[2010/05/23 18:01:43 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/12 03:07:39 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 17:34:32 | 000,042,132 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\wklnhst.dat
[2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[1 C:\Documents and Settings\Patricia\My Documents\*.tmp files -> C:\Documents and Settings\Patricia\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/01 21:17:02 | 000,023,585 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/01 21:12:10 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/01 21:07:40 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/01 21:07:38 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/01 20:19:10 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 20:19:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/01 20:17:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 20:14:59 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/28 19:06:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:41:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/27 19:40:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/27 19:35:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/27 19:35:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/27 19:35:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/27 19:35:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 19:35:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/27 19:04:13 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.lnk
[2010/06/27 19:01:40 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\HiJackThis.msi
[2010/06/08 10:14:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\WinSockInstall.exe
[2010/06/07 02:18:20 | 000,047,248 | ---- | C] () -- C:\debug
[2010/06/06 11:41:06 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5F0VfNY4.dat
[2010/05/25 23:53:02 | 000,000,529 | ---- | C] () -- C:\firewall.bat
[2010/05/25 23:52:53 | 000,000,376 | ---- | C] () -- C:\security.bat
[2007/08/15 16:57:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/21 07:04:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/04/21 07:03:16 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/21 07:00:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/03/17 15:22:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 20:27:21 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hkwjpiz..ini
[2006/03/23 19:41:40 | 000,000,238 | ---- | C] () -- C:\WINDOWS\104elosn.ini
[2006/03/16 04:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/03/06 20:07:48 | 000,001,842 | ---- | C] () -- C:\WINDOWS\Jglnmdvu.ini
[2005/12/25 21:30:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/25 21:29:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/12/25 21:27:54 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSPictureMate.ini
[2005/03/24 12:18:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\picturific.ini
[2005/03/24 11:57:47 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/23 22:17:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/17 09:59:13 | 000,001,673 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/07 21:05:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/31 01:52:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/31 01:44:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/31 01:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/31 01:02:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/05 23:09:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2003/07/14 14:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
========== LOP Check ==========
 
[2007/11/30 00:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/12/14 20:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/04/21 06:56:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/12/28 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/03/25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2007/04/21 07:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/01 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/09/20 19:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 23:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/23 22:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\acccore
[2008/07/21 20:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Azureus
[2009/04/16 07:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Canon
[2010/05/25 00:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Ehbeu
[2006/07/11 11:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\iMesh
[2005/02/28 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Leadertech
[2009/04/22 07:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\LimeWire
[2007/08/20 01:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Morpheus Software
[2009/08/01 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\MSNInstaller
[2007/09/08 16:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\NewSoft
[2009/03/03 23:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
[2006/07/06 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\PlayFirst
[2007/07/13 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Printer Info Cache
[2007/04/21 07:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ScanSoft
[2007/08/22 06:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Wal-Mart Digital Photo Viewer
[2010/07/01 21:07:40 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 21:07:39 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >




Firewall.bat:

@echo off

echo ------------------------------
echo Stopping "Windows Firewall/Internet Connection Sharing (ICS)"
sc stop SharedAccess > nul  net start | find "Windows Firewall/Internet Connection Sharing (ICS)" > nul  
if errorlevel 1 echo "Windows Firewall/Internet Connection Sharing (ICS)" was stopped successfully

echo Disabling "Windows Firewall/Internet Connection Sharing (ICS)"
sc config SharedAccess start= disabled > nul
echo ------------------------------
echo Press any key to close . . .pause > nul




security.bat:

@echo off

echo ------------------------------
echo Stopping "Security Center"
@sc stop wscsvc > nul  
net start | find "Security Center" > nul  
if errorlevel 1 echo "Security Center" was stopped successfully
echo Disabling "Security Center"
@sc config wscsvc start= disabled > nul
echo ------------------------------
echo Press any key to close . . .pause > nul
Logged

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #15 on: July 03, 2010, 12:17:38 PM »
FYI things do seem to be running fine.  :-)

There are some weird files still laying around in Patricia's folder like aaa, aaa.ss, 3333.ssss   aaa.ss

Thank you again,
Dale
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #16 on: July 03, 2010, 12:23:24 PM »
Go ahead and manually delete
Firewall.bat and
security.bat

Go to START>>RUN>>Copy and paste the next command

[color="#FF0000"]ComboFix /uninstall[/color]

Then hit OK, this will uninstall ComboFix and it's components

Open OTL.exe and click on the CLEANUP button, follow the prompts
Reboot
Let me know how things are now running, if you have any further problems
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #17 on: July 03, 2010, 04:36:44 PM »
Hi,

I think things are running pretty good.  The PC is kind of old/slow but...

I'll have to get my neighbor to choose some things to delete or to get another drive and we can move the pictures and music over to it.  Or maybe both.

FYI, the ComboFix /uninstall did not work.  Couldn't find ComboFix or some error like that.  The OTL did clean itself up.  I just went to Add/Remove programs and uninstalled HiJackThis and I left ATF-Cleaner alone.

Hopefully things really are fine.  I'll see about getting it back to my neighbor and they'll let me know if they aren't.

Thank you so much for all of your help.  Let me know if I need to do anything else before I give it back.

Hope you have a nice 4th of July!

Dale
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #18 on: July 04, 2010, 01:29:55 PM »
Code: [Select]
510.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 51.00% Memory free
Programs such as McAfee can use up much resources, you may consider going to an AntiVirus with a smaller footprint, or better yet, add more RAM to the computer

Code: [Select]
Drive C: | 70.86 Gb Total Space | 5.10 Gb Free Space | 7.20% Space Free | Partition Type: NTFSYou may want to have her start to backup some of her Pics/Music to CD/DVD or consider buying an external or internal secondary drive
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Dale

  • Full Member
  • ***
  • Posts: 178
  • Karma: +0/-0
    • View Profile
Microsoft .net (509) Bandwidth error keeps popping up
« Reply #19 on: July 04, 2010, 06:21:29 PM »
Thank you sir for all your help on this.

FYI, I've just finished migrating everything off her old C drive onto a used 200GB drive I had and I've made the 200GB drive her boot drive.  So her space problem is solved.  I'm still going to get her to get an external drive.  All her pictures our on this drive and she has no backup (other than that old 80GB drive I just took out).

I'll see what she thinks about getting more RAM and then decide about the antivirus.

Thanks again,
Dale
Logged
Pages: [1] 2
« previous next »