AumHa Forums

Supporting Users of Windows Desktop Systems

All times are UTC - 8 hours [ DST ]




 Post subject: Some open IE Browser windows closing, random restarts
Posted: Fri 7/23/10 10:51 pm

The above problem plus computer slows to a crawl and/or restarts.
All Win updates are current, KAV is current.
The files are below.
Replaced memory.
Blew out the tower with air.
TIA for any help.

System does have some older parts and I do realise there may be a heat issue somewhere.

OTL logfile created on: 7/23/2010 9:13:40 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\SONNY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 24.43 Gb Free Space | 32.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 224.58 Gb Free Space | 96.46% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOLTS
Current User Name: SONNY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/22 18:53:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONNY\Desktop\OTL.exe
PRC - [2010/01/26 13:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10Install\PDAgent.exe
PRC - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/07/03 18:32:20 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 17:11:02 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2007/06/28 13:15:48 | 000,413,064 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\mst software\mst Defrag\mstDfrgS.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
PRC - [2004/09/13 12:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/07/22 18:53:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONNY\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 18:35:33 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/26 13:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10Install\PDEngine.exe -- (PDEngine)
SRV - [2010/01/26 13:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10Install\PDAgent.exe -- (PDAgent)
SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (avp)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/03 18:32:20 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/24 17:11:02 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2007/06/28 13:15:48 | 000,413,064 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\mst software\mst Defrag\mstDfrgS.exe -- (mstDfrgS)
SRV - [2007/05/16 10:41:18 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/03/14 00:31:24 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\java.exe -- (Ipnaictcts)
SRV - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slmdmsr.exe -- (SLService)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/09/13 12:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/03/09 14:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\UXDCMN.SYS -- (UXDCMN)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/03/28 16:46:17 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/17 08:10:30 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/31 08:57:08 | 000,315,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2010/01/31 08:57:08 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/10/14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 20:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 15:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/20 11:11:30 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/05/26 17:38:06 | 000,174,592 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/05/26 17:38:06 | 000,174,592 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/05/26 17:38:06 | 000,174,592 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/05/26 17:38:06 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2007/08/16 15:24:38 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/10 13:51:46 | 000,505,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/05/10 20:31:42 | 000,698,848 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr)
DRV - [2005/05/10 20:28:18 | 000,014,680 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent)
DRV - [2005/05/10 20:25:50 | 000,237,616 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2005/05/10 20:20:58 | 000,101,328 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal)
DRV - [2005/05/10 20:19:14 | 001,464,848 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/05/10 20:09:50 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup)
DRV - [2005/02/22 22:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/13 12:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/13 12:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/01/23 05:08:50 | 000,257,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/01/09 03:02:56 | 000,008,960 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/12/24 02:09:48 | 000,030,848 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/07/10 10:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/01 18:30:16 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={7DAC1792-A080-21C2-1CAE-91EF252D6397}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/29 00:39:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 19:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/10 19:44:04 | 000,000,000 | ---D | M]

[2009/01/10 11:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Extensions
[2010/06/02 18:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\extensions
[2009/08/09 09:26:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/23 22:45:25 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/01/23 22:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2009/08/09 09:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/09/28 20:46:40 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\searchplugins\MySpace.xml
[2010/06/10 19:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/31 19:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2004/01/13 21:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/08/09 09:27:14 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/09 09:27:18 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2009/03/15 00:23:04 | 000,618,526 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 http://www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 http://www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 16469 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll (Microsoft Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O8 - Extra context menu item: &Highlight - C:\WINDOWS\Web\highlight.htm ()
O8 - Extra context menu item: &Links List - C:\WINDOWS\Web\urllist.htm ()
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/08/26 09:54:42 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm ()
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\Web\frm2new.htm ()
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/08/26 09:54:42 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/08/26 09:54:42 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/08/26 09:54:42 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\Web\zoomin.htm ()
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\Web\zoomout.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: fdl.microsoft,com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([fdl] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([moneycentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([moneycentral] http in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: schwab.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: schwab.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v ... 6172988503 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0982184562 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323 (QDiagHUpdateObj Class)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/25 19:30:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ac772662-9cd1-11de-b5fa-92f2f3d4f9e7}\Shell - "" = AutoRun
O33 - MountPoints2\{ac772662-9cd1-11de-b5fa-92f2f3d4f9e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac772662-9cd1-11de-b5fa-92f2f3d4f9e7}\Shell\AutoRun\command - "" = F:\SprintPreCopy.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 18:53:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SONNY\Desktop\OTL.exe
[2010/07/22 00:42:42 | 011,508,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SONNY\Desktop\windows-kb890830-v3.9.exe
[2010/07/22 00:18:32 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\SONNY\Desktop\ATF-Cleaner.exe
[2010/07/14 00:57:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2006/01/09 02:55:20 | 000,015,000 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/01/08 22:28:36 | 000,652,360 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2006/01/08 22:28:36 | 000,100,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2006/01/08 22:28:36 | 000,014,408 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\recagent.sys
[2006/01/08 22:28:36 | 000,013,232 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2006/01/08 22:28:35 | 001,395,296 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2006/01/08 22:28:35 | 000,231,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 21:00:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/23 21:00:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 20:59:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/23 20:59:47 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 20:57:11 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\SONNY\ntuser.dat
[2010/07/23 20:57:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\SONNY\ntuser.ini
[2010/07/23 18:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/23 13:02:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/22 18:56:32 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\SONNY\Desktop\SecurityCheck.exe
[2010/07/22 18:53:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONNY\Desktop\OTL.exe
[2010/07/22 00:42:42 | 011,508,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\SONNY\Desktop\windows-kb890830-v3.9.exe
[2010/07/22 00:18:32 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\SONNY\Desktop\ATF-Cleaner.exe
[2010/07/18 21:21:17 | 000,556,146 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/18 21:21:17 | 000,463,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/18 21:21:17 | 000,080,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/04 09:51:45 | 000,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/04 09:51:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System.ini
[2010/07/04 09:51:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/22 18:56:32 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\SONNY\Desktop\SecurityCheck.exe
[2009/06/25 21:29:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/06/11 00:40:02 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/26 17:38:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/09/12 07:31:29 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/07/30 22:22:11 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/30 22:22:10 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/14 20:11:17 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/05/13 08:46:23 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/01/13 12:37:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/12 18:34:33 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/12 22:07:49 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/01/09 02:55:20 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/01/09 02:55:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/01/09 02:55:20 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/01/09 02:53:25 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\slmdmsp.dll
[2006/01/09 02:53:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\slmdmgx.dll
[2006/01/09 02:53:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\slmdmco.dll
[2006/01/08 22:29:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\csamsp.dll
[2005/06/15 17:20:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/06/15 17:20:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/06/15 17:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/06/15 17:20:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/06/15 17:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/06/15 17:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/12/26 15:57:51 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/12/26 15:57:51 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/12/22 23:49:29 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/12/05 12:11:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/11/06 14:06:17 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/11/06 14:06:17 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\578BC53B8D.sys
[2004/10/01 18:12:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/01 09:13:04 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/27 22:55:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/26 13:53:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/25 19:52:54 | 000,033,114 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/09/25 19:52:54 | 000,015,274 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/09/25 19:52:54 | 000,008,960 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2004/09/25 19:51:54 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/09/25 19:49:49 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/03/09 14:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/01 17:44:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2007/06/17 10:26:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/02 18:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/27 12:46:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2006/03/22 08:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro
[2005/08/12 18:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/08/16 14:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/09/08 23:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/05/23 10:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/03/06 17:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2008/12/06 18:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2005/03/25 13:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/28 19:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/23 23:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/03/28 14:07:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AE7A0398-3EE6-4B79-B2B0-E01BBEB9B268}
[2004/09/29 07:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Aim
[2010/01/02 19:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Canon
[2010/03/21 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\FUJIFILM
[2009/06/07 18:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\GetRightToGo
[2006/06/11 01:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\last.fm
[2004/09/26 01:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Leadertech
[2005/08/08 01:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\MailWasherPro
[2005/10/14 06:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\OLYMPUS
[2007/01/07 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\RipIt4Me
[2010/03/06 17:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Sierra Wireless
[2004/09/28 21:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Snapfish
[2007/01/14 12:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\SPAMfighter
[2009/09/08 19:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Sprint
[2008/12/06 18:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\TuneUp Software
[2008/08/02 11:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SONNY\Application Data\Vso
[2009/01/10 19:20:04 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2005/02/04 00:18:51 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1099545250.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 7/23/2010 9:13:40 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\SONNY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 24.43 Gb Free Space | 32.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 224.58 Gb Free Space | 96.46% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOLTS
Current User Name: SONNY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"18926:TCP" = 18926:TCP:*:Enabled:BitComet 18926 TCP
"18926:UDP" = 18926:UDP:*:Enabled:BitComet 18926 UDP
"27516:TCP" = 27516:TCP:*:Enabled:BitComet 27516 TCP(ED2K)
"27516:UDP" = 27516:UDP:*:Enabled:BitComet 27516 UDP(ED2K)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1125104503\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125104503\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Tardis 2000 V1.5\Tardis.exe" = C:\Program Files\Tardis 2000 V1.5\Tardis.exe:*:Enabled:TARDIS 2000 Application -- (H.C.Mingham-Smith Ltd.)
"C:\Program Files\Common Files\AOL\1125104503\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125104503\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Mr. Grabber\MrGrabber.exe" = C:\Program Files\Mr. Grabber\MrGrabber.exe:*:Enabled:UserID Password Verifier -- (iOffer.com)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (http://www.BitComet.com)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers
"{143439E9-658B-4C22-86D1-59D1F70F1ABD}" = Sprint Mobile Broadband (Novatel Wireless)
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{26502D04-57B1-4A2D-8D5D-9DE36FC99355}" = Mobile Broadband Generic Drivers
"{2880EEEB-AA3E-4E30-AC70-DEBD89CD131A}" = mst Defrag Home Edition
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577D60CB-0D5E-48D1-8850-84098AD34804}" = Autodesk DWF Composer
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{71cf3dd1-7a62-49d5-9ce9-4aaa3fad5871}" = Nero 9 Trial
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.40
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{7F5AF4AA-7F77-47FC-9E22-519822FC6365}" = Sprint SmartView
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAB2A3A6-6789-4260-9966-517498589AB5}" = ArcSoft PhotoImpression 5
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D6111BDE-3D23-403E-96BD-3CE416101B16}" = Diskeeper Professional Edition
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Explorer" = AOL Explorer
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"ArcExplorer 2.0" = ESRI ArcExplorer 2.0
"AVS Video Converter 4.3_is1" = AVS Video Converter 4.3.1.371
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitComet" = BitComet 1.07
"Browser MOUSE" = Browser MOUSE
"Canon MP160 User Registration" = Canon MP160 User Registration
"Canon MP480 series User Registration" = Canon MP480 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Championship Spades Pro_is1" = Championship Spades Pro 5.46
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Pro Codec" = DivX Pro Codec
"Dr. DivX 1.0.3" = Dr. DivX 1.0.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"Eudora Light" = Eudora Light 3.0.6
"FreshDevices - FreshUI_is1" = FreshUI
"GetRight_is1" = GetRight
"HijackThis" = HijackThis 1.99.1
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IE5WA" = Microsoft Internet Explorer 5 Web Accessories
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Indeo® Software" = Indeo® Software
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IrfanView" = IrfanView (remove only)
"Last.fm Player_is1" = Last.fm Player 1.0.4
"MailWasher Pro_is1" = MailWasher Pro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSN Music Assistant" = MSN Music Assistant
"MultiMedia Keyboard MultiMedia Keyboard" = MultiMedia Keyboard 1.1
"MWASPI" = MicroStaff WINASPI
"MySpaceIM" = MySpaceIM
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"PureVoice" = PureVoice 1.0
"Registry First Aid_is1" = Registry First Aid
"RegVac - Registered Version" = RegVac - Registered Version

"RipIt4Me" = RipIt4Me
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)

"SiS 650_651_M650_M652_740" = SiS 650_651_M650_M652_740
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SiSoftware Sandra Professional 2004.SP1 (Win32 x86)_is1" = SiSoftware Sandra Professional 2004.SP1 (Jagged Online Ltd Edit
"SiSoftware Sandra Professional 2004.SP2b (Win32 x86)_is1" = SiSoftware Sandra Professional 2004.SP2b (Win32 x86)
"SLAMRNTV" = Smart Link 56K Voice Modem
"Soulseek" = SoulSeek Client 156c
"Soulseek Client 154 test 1" = Soulseek Client 154 test 1
"Soulseek2" = SoulSeek 157 NS 12d
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = Mr. Grabber
"SystemRequirementsLab" = System Requirements Lab
"Tardis 2000 V1.5" = Tardis 2000 V1.5
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Trillian" = Trillian
"TurboTax 2008" = TurboTax 2008
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireless Keyboard && Optical Mouse" = Wireless Keyboard && Optical Mouse
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2010 12:32:51 AM | Computer Name = DOLTS | Source = Application Error | ID = 1000
Description = Faulting application oscm3.exe, version 3.10.0.14, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011782.

Error - 7/14/2010 12:47:59 AM | Computer Name = DOLTS | Source = Application Error | ID = 1001
Description = Fault bucket 1229857298.

Error - 7/16/2010 8:47:55 AM | Computer Name = DOLTS | Source = Application Hang | ID = 1002
Description = Hanging application OSCM3.exe, version 3.10.0.14, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2010 11:33:02 AM | Computer Name = DOLTS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x459353f0.

Error - 7/17/2010 11:33:52 AM | Computer Name = DOLTS | Source = Application Error | ID = 1001
Description = Fault bucket 1336610433.

Error - 7/17/2010 12:31:31 PM | Computer Name = DOLTS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2010 12:31:49 PM | Computer Name = DOLTS | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/17/2010 10:15:28 PM | Computer Name = DOLTS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2010 10:15:50 PM | Computer Name = DOLTS | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/17/2010 10:18:05 PM | Computer Name = DOLTS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/22/2010 11:09:19 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:20 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:27 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:29 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:30 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:31 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:33 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:34 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:35 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 7/22/2010 11:09:37 AM | Computer Name = DOLTS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Anti-Virus 2010
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
MVPS Hosts File
Out of date HijackThis installed!
Spybot - Search & Destroy 1.4
HijackThis 1.99.1
TuneUp Utilities 2007
CCleaner (remove only)
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.0.32.18
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 6.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````


Last edited by Robear Dyer on Sat 7/24/10 02:03 pm, edited 2 times in total.
Emphasis [bold red] added;


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sat 7/24/10 08:54 am 
Diamond Member

Joined: Thu 1/25/07 07:30 am
Posts: 1823
Location: Orcas Island WA
Uninstall all of the items listed in red in your Extras Log.

1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwareremoval.com/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingcomputer.com/forums/topic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  1. Go to this page and Download TDSSKiller.zip to your Desktop.
  2. Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  3. Start > All Programs > Accessories > Command Prompt. Copy the following bolded command, then right click and Paste then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  4. If TDSSKiller alerts you that the system needs to reboot, please consent.
  5. When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download => http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. Does it see the XP MBR? If not, what does it say, and what PC (make and model) do you have?

Ron


Last edited by Robear Dyer on Sat 7/24/10 02:08 pm, edited 1 time in total.
Enabled & attempted to clean-up BBCode;


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sat 7/24/10 07:02 pm 
New Member

Joined: Wed 7/21/10 09:51 pm
Posts: 6
Thanks Ron and Pa Bear,

All the uninstalls but one went fine.
Problem with "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7

I started at the top of the Extras log on the red list and worked my way down.
Tried J2SE after each couple uninstalls, and after a couple reboots, no joy.

Should I continue to Check Disk and the rest of the list?


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sat 7/24/10 07:27 pm 
Diamond Member

Joined: Thu 1/25/07 07:30 am
Posts: 1823
Location: Orcas Island WA
Yes

Please continue.

We will worry about the old Java later.

Ron


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sun 7/25/10 04:16 pm 
New Member

Joined: Wed 7/21/10 09:51 pm
Posts: 6
almost there

receiving error on TDSSKiller after copy and paste of
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
error before I hit Enter
Large red Circle with an X in it and 5 lines after the info line states
Valid command line parameters:
Do you need these?

The Command Prompt opens at C:\Documents and Settings\SONNY>


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sun 7/25/10 05:20 pm 
Diamond Member

Joined: Thu 1/25/07 07:30 am
Posts: 1823
Location: Orcas Island WA
The command assumes TDSSKiller is on your desktop. You can run it without the options but you may not get a log.

Ron


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sun 7/25/10 07:02 pm 
New Member

Joined: Wed 7/21/10 09:51 pm
Posts: 6
Uninstalled everything in red except the old Java mentioned earlier.

Check disk did find some bad spots and took hours to complete.
sfc ran automatically on bootup

Logs
VEW system
Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/07/2010 12:59:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VEW Applications

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/07/2010 1:01:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/07/2010 4:40:05 AM
Type: warning Category: 1
Event: 32066 Source: Microsoft Fax
At least one of the devices in the outgoing routing group is not valid. Group name: '<All devices>'

Log: 'Application' Date/Time: 25/07/2010 4:38:58 AM
Type: warning Category: 8
Event: 19011 Source: MSSQL$MICROSOFTSMLBIZ
The event description cannot be found.

Combofix

ComboFix 10-07-24.03 - SONNY 07/25/2010 13:50:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1714 [GMT -5:00]
Running from: c:\documents and settings\SONNY\Desktop\george.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SONNY\Application Data\inst.exe
c:\documents and settings\SONNY\My Documents\DPE.DUS
c:\documents and settings\SONNY\Recent\Thumbs.db
c:\progra~1\AWS\WEATHE~1\MINIbu~1.dll
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\zip32.dll
G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-24 22:53 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\SONNY\Application Data\GetRight
2010-07-14 05:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 19:11 . 2006-05-28 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-24 23:57 . 2004-09-26 01:13 73952 ----a-w- c:\documents and settings\SONNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 23:56 . 2010-03-28 19:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AE7A0398-3EE6-4B79-B2B0-E01BBEB9B268}
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 23:02 . 2004-11-10 04:47 -------- d-----w- c:\program files\RegVac
2010-07-24 23:01 . 2004-09-26 17:57 -------- d-----w- c:\program files\RFA
2010-07-24 22:59 . 2004-09-26 18:13 -------- d-----w- c:\program files\GetRight
2010-07-24 22:52 . 2007-05-21 04:59 -------- d-----w- c:\program files\BitComet
2010-07-24 20:19 . 2006-07-15 17:11 -------- d-----w- c:\program files\Java
2010-07-24 19:44 . 2004-09-26 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-18 14:22 . 2004-09-29 03:12 -------- d-----w- c:\documents and settings\SONNY\Application Data\AdobeUM
2010-06-14 14:31 . 2004-09-26 00:28 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 22:35 . 2009-06-23 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 18:48 . 2009-10-25 22:31 -------- d-----w- c:\program files\FinePixViewerS
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 12:26 . 2008-10-04 21:04 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 12:26 . 2008-10-04 21:04 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2007-01-27 00:29 . 2007-01-27 00:29 614400 ----a-w- c:\program files\Common Files\ezUpdaterVb6.dll
2007-01-23 23:38 . 2007-01-23 23:38 454656 ----a-w- c:\program files\Common Files\ezSignInEbay2.ocx
2007-01-23 19:50 . 2007-01-23 19:50 2741 ----a-w- c:\program files\Common Files\ezs.dta
2007-01-21 18:40 . 2007-01-21 18:40 40960 ----a-w- c:\program files\Common Files\cjErrHandler.dll
2006-12-12 10:23 . 2006-12-12 10:23 78384 -c--a-w- c:\program files\MySpaceIM_Setup.exe
2005-12-24 18:08 . 2005-12-24 18:08 258048 ----a-w- c:\program files\Common Files\eDropShadow.ocx
2004-11-06 19:06 . 2004-11-06 19:06 8 --sh--r- c:\windows\system32\578BC53B8D.sys
2004-11-06 19:29 . 2004-11-06 19:06 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-01 00:39 . 2008-10-04 21:09 58008864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-01 00:39 . 2008-10-04 21:09 852256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-01 00:50 . 2009-09-01 00:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

------- Sigcheck -------

[-] 2009-01-10 . 656002B479E1C84C3D995ED42799F77D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-01-10 . 656002B479E1C84C3D995ED42799F77D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-12-19 28672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-07-04 20:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2008-07-09 15:51 356352 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\Pixart\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-09-29 02:16 9347072 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 18:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 18:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 18:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-07-09 15:51 384000 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\KBDAP32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 21:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 18:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-12-02 22:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 07:56 36975 ----a-w- c:\program files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Tardis 2000 V1.5\\Tardis.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125104503\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mr. Grabber\\MrGrabber.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18926:TCP"= 18926:TCP:BitComet 18926 TCP
"18926:UDP"= 18926:UDP:BitComet 18926 UDP
"27516:TCP"= 27516:TCP:BitComet 27516 TCP(ED2K)
"27516:UDP"= 27516:UDP:BitComet 27516 UDP(ED2K)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2010 2:20 PM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/28/2010 4:46 PM 95024]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/22/2008 4:38 PM 20160]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/17/2010 8:10 AM 1265264]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 3:24 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 3:24 PM 174592]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [9/12/2008 7:31 AM 505984]
S3 UXDCMN;UXDCMN;\??\e:\uxdcmn.sys --> e:\UXDCMN.SYS [?]
S4 Ipnaictcts;Ipnaictcts;c:\windows\system32\java.exe [3/14/2007 12:31 AM 49248]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 01:35]

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 20:21]

2005-02-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4099545250.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
.
------- Supplementary Scan -------
.
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?87c17793a9564dc5968f288f7fb2652
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?87c17793a9564dc5968f288f7fb2652
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
LSP: bmnet.dll
Trusted Zone: fdl.microsoft,com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\fdl
Trusted Zone: msn.com
Trusted Zone: msn.com\moneycentral
Trusted Zone: passport.net
Trusted Zone: schwab.com
Trusted Zone: schwab.com\www
Trusted Zone: sears.com\www
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client ... S:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... S&v=4&tid={7DAC1792-A080-21C2-1CAE-91EF252D6397}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\SONNY\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 14:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d????????E?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\mst software\mst Defrag\mstDfrgS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\program files\Raxco\PerfectDisk10Install\PDAgent.exe
c:\windows\system32\slmdmsr.exe
.
**************************************************************************
.
Completion time: 2010-07-25 14:23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-25 19:23

Pre-Run: 26,588,258,304 bytes free
Post-Run: 26,602,807,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 0138B39A783DF0F8DC247868CA0A6216

TDSSK ran from desktop, 230 objects, infection: not found

2010/07/25 20:26:03.0234 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/25 20:26:03.0234 ================================================================================
2010/07/25 20:26:03.0234 SystemInfo:
2010/07/25 20:26:03.0234
2010/07/25 20:26:03.0234 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/25 20:26:03.0234 Product type: Workstation
2010/07/25 20:26:03.0234 ComputerName: DOLTS
2010/07/25 20:26:03.0234 UserName: SONNY
2010/07/25 20:26:03.0234 Windows directory: C:\WINDOWS
2010/07/25 20:26:03.0234 System windows directory: C:\WINDOWS
2010/07/25 20:26:03.0234 Processor architecture: Intel x86
2010/07/25 20:26:03.0234 Number of processors: 1
2010/07/25 20:26:03.0234 Page size: 0x1000
2010/07/25 20:26:03.0234 Boot type: Normal boot
2010/07/25 20:26:03.0234 ================================================================================
2010/07/25 20:26:03.0921 Initialize success
2010/07/25 20:26:31.0406 ================================================================================
2010/07/25 20:26:31.0406 Scan started
2010/07/25 20:26:31.0406 Mode: Manual;
2010/07/25 20:26:31.0406 ================================================================================
2010/07/25 20:28:50.0140 ================================================================================
2010/07/25 20:28:50.0140 Scan finished
2010/07/25 20:28:50.0140 ================================================================================


MBRCheck
\\.\ C:--> \\.\ physicalDrive0
\\.\G:--> \\.\ phisysicalDrive1

76GB \\.\ PhysicalDrive 0 Windows XP MBR code detected
232 GB \\.\ PhysicalDrive 1 error reading raw MBR!
Done!

note
Drive G is a USB connected drive


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Sun 7/25/10 10:30 pm 
Diamond Member

Joined: Thu 1/25/07 07:30 am
Posts: 1823
Location: Orcas Island WA
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common
%user%\library

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys

Driver::
UXDCMN
Ipnaictcts

File::
c:\windows\system32\java.exe

Registry::
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Are things any better now?

Ron


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Thu 7/29/10 10:15 pm 
New Member

Joined: Wed 7/21/10 09:51 pm
Posts: 6
Thank you for your help!
Things do appear better.

ComboFix 10-07-29.01 - SONNY 07/29/2010 21:57:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1473 [GMT -5:00]
Running from: c:\documents and settings\SONNY\Desktop\george.exe
Command switches used :: c:\documents and settings\SONNY\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\java.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UXDCMN
-------\Service_Ipnaictcts
-------\Service_UXDCMN


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-24 22:53 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\SONNY\Application Data\GetRight
2010-07-14 05:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 04:19 . 2006-05-28 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-29 17:59 . 2008-10-04 21:04 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-29 17:59 . 2008-10-04 21:04 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-26 13:48 . 2008-07-08 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-24 23:57 . 2004-09-26 01:13 73952 ----a-w- c:\documents and settings\SONNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 23:56 . 2010-03-28 19:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AE7A0398-3EE6-4B79-B2B0-E01BBEB9B268}
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 23:02 . 2004-11-10 04:47 -------- d-----w- c:\program files\RegVac
2010-07-24 23:01 . 2004-09-26 17:57 -------- d-----w- c:\program files\RFA
2010-07-24 22:59 . 2004-09-26 18:13 -------- d-----w- c:\program files\GetRight
2010-07-24 22:52 . 2007-05-21 04:59 -------- d-----w- c:\program files\BitComet
2010-07-24 20:19 . 2006-07-15 17:11 -------- d-----w- c:\program files\Java
2010-07-24 19:44 . 2004-09-26 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-18 14:22 . 2004-09-29 03:12 -------- d-----w- c:\documents and settings\SONNY\Application Data\AdobeUM
2010-06-14 14:31 . 2004-09-26 00:28 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 22:35 . 2009-06-23 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2007-01-27 00:29 . 2007-01-27 00:29 614400 ----a-w- c:\program files\Common Files\ezUpdaterVb6.dll
2007-01-23 23:38 . 2007-01-23 23:38 454656 ----a-w- c:\program files\Common Files\ezSignInEbay2.ocx
2007-01-23 19:50 . 2007-01-23 19:50 2741 ----a-w- c:\program files\Common Files\ezs.dta
2007-01-21 18:40 . 2007-01-21 18:40 40960 ----a-w- c:\program files\Common Files\cjErrHandler.dll
2006-12-12 10:23 . 2006-12-12 10:23 78384 -c--a-w- c:\program files\MySpaceIM_Setup.exe
2005-12-24 18:08 . 2005-12-24 18:08 258048 ----a-w- c:\program files\Common Files\eDropShadow.ocx
2004-11-06 19:06 . 2004-11-06 19:06 8 --sh--r- c:\windows\system32\578BC53B8D.sys
2004-11-06 19:29 . 2004-11-06 19:06 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-01 00:39 . 2008-10-04 21:09 58008864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-01 00:39 . 2008-10-04 21:09 852256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-01 00:50 . 2009-09-01 00:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-12-19 28672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-6-23 221247]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-07-04 20:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2008-07-09 15:51 356352 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\Pixart\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-09-29 02:16 9347072 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 18:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 18:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 18:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-07-09 15:51 384000 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\KBDAP32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 21:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 18:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-12-02 22:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 07:56 36975 ----a-w- c:\program files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Tardis 2000 V1.5\\Tardis.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125104503\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mr. Grabber\\MrGrabber.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18926:TCP"= 18926:TCP:BitComet 18926 TCP
"18926:UDP"= 18926:UDP:BitComet 18926 UDP
"27516:TCP"= 27516:TCP:BitComet 27516 TCP(ED2K)
"27516:UDP"= 27516:UDP:BitComet 27516 UDP(ED2K)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2010 2:20 PM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/28/2010 4:46 PM 95024]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 3:24 PM 174592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/22/2008 4:38 PM 20160]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/17/2010 8:10 AM 1265264]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 3:24 PM 20480]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [9/12/2008 7:31 AM 505984]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 01:35]

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 20:21]

2005-02-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4099545250.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
.
------- Supplementary Scan -------
.
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?87c17793a9564dc5968f288f7fb2652
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?87c17793a9564dc5968f288f7fb2652
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
LSP: bmnet.dll
Trusted Zone: fdl.microsoft,com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\fdl
Trusted Zone: msn.com
Trusted Zone: msn.com\moneycentral
Trusted Zone: passport.net
Trusted Zone: schwab.com
Trusted Zone: schwab.com\www
Trusted Zone: sears.com\www
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client ... S:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... S&v=4&tid={7DAC1792-A080-21C2-1CAE-91EF252D6397}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d????????E?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\mst software\mst Defrag\mstDfrgS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\program files\Raxco\PerfectDisk10Install\PDAgent.exe
c:\windows\system32\slmdmsr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2010-07-29 23:31:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 04:31
ComboFix2.txt 2010-07-25 19:48

Pre-Run: 26,236,284,928 bytes free
Post-Run: 26,384,896,000 bytes free

- - End Of File - - EE2B2CCEC6449BBE56E0FAE0968F6772


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Thu 7/29/10 11:04 pm 
Diamond Member

Joined: Thu 1/25/07 07:30 am
Posts: 1823
Location: Orcas Island WA
I think we still need to clean out the old java program. Let's just use combofix to do it for us.

Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.

******************************************

Folder::
C:\Program Files\Java



******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

That should get rid of all of the javas on your PC.

Download the offline install for java from
http://javadl.sun.com/webapps/download/ ... leId=41290
Close all browsers then install it.

Ron


 Post subject: Re: Some open IE Browser windows closing, random restarts
PostPosted: Fri 7/30/10 11:03 pm 
New Member

Joined: Wed 7/21/10 09:51 pm
Posts: 6
Here is the new log, will install the new Java tomorrow.

ComboFix 10-07-29.01 - SONNY 07/30/2010 18:53:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1561 [GMT -5:00]
Running from: c:\documents and settings\SONNY\Desktop\george.exe
Command switches used :: c:\documents and settings\SONNY\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Dubai
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Dushanbe
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Gaza
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Harbin
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Hong_Kong
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Hovd
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Irkutsk
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Jakarta
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Jayapura
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Jerusalem
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kabul
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kamchatka
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Karachi
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kashgar
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Katmandu
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Krasnoyarsk
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kuala_Lumpur
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kuching
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Kuwait
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Macau
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Magadan
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Makassar
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Manila
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Muscat
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Nicosia
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Novosibirsk
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Omsk
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Oral
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Phnom_Penh
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Pontianak
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Pyongyang
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Qatar
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Qyzylorda
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Rangoon
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Riyadh
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Riyadh87
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Riyadh88
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Riyadh89
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Saigon
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Sakhalin
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Samarkand
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Seoul
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Shanghai
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Singapore
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Taipei
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Tashkent
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Tbilisi
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Tehran
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Thimphu
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Tokyo
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Ulaanbaatar
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Urumqi
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Vientiane
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Vladivostok
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Yakutsk
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Yekaterinburg
c:\program files\Java\jre1.5.0_07\lib\zi\Asia\Yerevan
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Azores
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Bermuda
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Canary
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Cape_Verde
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Faeroe
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Madeira
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Reykjavik
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\South_Georgia
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\St_Helena
c:\program files\Java\jre1.5.0_07\lib\zi\Atlantic\Stanley
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Adelaide
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Brisbane
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Broken_Hill
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Currie
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Darwin
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Hobart
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Lindeman
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Lord_Howe
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Melbourne
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Perth
c:\program files\Java\jre1.5.0_07\lib\zi\Australia\Sydney
c:\program files\Java\jre1.5.0_07\lib\zi\CET
c:\program files\Java\jre1.5.0_07\lib\zi\EET
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-1
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-10
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-11
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-12
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-13
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-14
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-2
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-3
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-4
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-5
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-6
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-7
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-8
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT-9
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+1
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+10
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+11
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+12
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+2
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+3
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+4
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+5
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+6
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+7
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+8
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\GMT+9
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\UCT
c:\program files\Java\jre1.5.0_07\lib\zi\Etc\UTC
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Amsterdam
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Andorra
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Athens
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Belgrade
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Berlin
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Brussels
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Bucharest
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Budapest
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Chisinau
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Copenhagen
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Dublin
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Gibraltar
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Helsinki
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Istanbul
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Kaliningrad
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Kiev
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Lisbon
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\London
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Luxembourg
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Madrid
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Malta
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Minsk
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Monaco
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Moscow
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Oslo
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Paris
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Prague
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Riga
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Rome
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Samara
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Simferopol
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Sofia
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Stockholm
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Tallinn
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Tirane
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Uzhgorod
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Vaduz
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Vienna
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Vilnius
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Warsaw
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Zaporozhye
c:\program files\Java\jre1.5.0_07\lib\zi\Europe\Zurich
c:\program files\Java\jre1.5.0_07\lib\zi\GMT
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Antananarivo
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Chagos
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Christmas
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Cocos
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Comoro
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Kerguelen
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Mahe
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Maldives
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Mauritius
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Mayotte
c:\program files\Java\jre1.5.0_07\lib\zi\Indian\Reunion
c:\program files\Java\jre1.5.0_07\lib\zi\MET
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Apia
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Auckland
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Chatham
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Easter
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Efate
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Enderbury
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Fakaofo
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Fiji
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Funafuti
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Galapagos
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Gambier
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Guadalcanal
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Guam
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Honolulu
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Johnston
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Kiritimati
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Kosrae
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Kwajalein
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Majuro
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Marquesas
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Midway
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Nauru
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Niue
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Norfolk
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Noumea
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Pago_Pago
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Palau
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Pitcairn
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Ponape
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Port_Moresby
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Rarotonga
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Saipan
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Tahiti
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Tarawa
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Tongatapu
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Truk
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Wake
c:\program files\Java\jre1.5.0_07\lib\zi\Pacific\Wallis
c:\program files\Java\jre1.5.0_07\lib\zi\WET
c:\program files\Java\jre1.5.0_07\lib\zi\ZoneInfoMappings
c:\program files\Java\jre1.5.0_07\LICENSE
c:\program files\Java\jre1.5.0_07\PATCH.ERR
c:\program files\Java\jre1.5.0_07\README.txt
c:\program files\Java\jre1.5.0_07\THIRDPARTYLICENSEREADME.txt
c:\program files\Java\jre1.5.0_07\Welcome.html

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-24 22:53 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\SONNY\Application Data\GetRight
2010-07-14 05:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 11:41 . 2006-05-28 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-29 17:59 . 2008-10-04 21:04 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-29 17:59 . 2008-10-04 21:04 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-26 13:48 . 2008-07-08 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-24 23:57 . 2004-09-26 01:13 73952 ----a-w- c:\documents and settings\SONNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 23:56 . 2010-03-28 19:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AE7A0398-3EE6-4B79-B2B0-E01BBEB9B268}
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 23:27 . 2004-11-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 23:02 . 2004-11-10 04:47 -------- d-----w- c:\program files\RegVac
2010-07-24 23:01 . 2004-09-26 17:57 -------- d-----w- c:\program files\RFA
2010-07-24 22:59 . 2004-09-26 18:13 -------- d-----w- c:\program files\GetRight
2010-07-24 22:52 . 2007-05-21 04:59 -------- d-----w- c:\program files\BitComet
2010-07-24 19:44 . 2004-09-26 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-18 14:22 . 2004-09-29 03:12 -------- d-----w- c:\documents and settings\SONNY\Application Data\AdobeUM
2010-06-15 10:37 . 2010-06-15 10:37 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-15 10:37 . 2010-06-15 10:37 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-14 14:31 . 2004-09-26 00:28 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 22:35 . 2009-06-23 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:41 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2007-01-27 00:29 . 2007-01-27 00:29 614400 ----a-w- c:\program files\Common Files\ezUpdaterVb6.dll
2007-01-23 23:38 . 2007-01-23 23:38 454656 ----a-w- c:\program files\Common Files\ezSignInEbay2.ocx
2007-01-23 19:50 . 2007-01-23 19:50 2741 ----a-w- c:\program files\Common Files\ezs.dta
2007-01-21 18:40 . 2007-01-21 18:40 40960 ----a-w- c:\program files\Common Files\cjErrHandler.dll
2006-12-12 10:23 . 2006-12-12 10:23 78384 -c--a-w- c:\program files\MySpaceIM_Setup.exe
2005-12-24 18:08 . 2005-12-24 18:08 258048 ----a-w- c:\program files\Common Files\eDropShadow.ocx
2004-11-06 19:06 . 2004-11-06 19:06 8 --sh--r- c:\windows\system32\578BC53B8D.sys
2004-11-06 19:29 . 2004-11-06 19:06 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-01 00:39 . 2008-10-04 21:09 58008864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-01 00:39 . 2008-10-04 21:09 852256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-01 00:50 . 2009-09-01 00:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-12-19 28672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-6-23 221247]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-07-04 20:00 109056 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2008-07-09 15:51 356352 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\Pixart\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-09-29 02:16 9347072 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 18:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 18:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 18:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-07-09 15:51 384000 ----a-w- c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\KBDAP32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 21:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 18:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-12-02 22:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Tardis 2000 V1.5\\Tardis.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125104503\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mr. Grabber\\MrGrabber.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18926:TCP"= 18926:TCP:BitComet 18926 TCP
"18926:UDP"= 18926:UDP:BitComet 18926 UDP
"27516:TCP"= 27516:TCP:BitComet 27516 TCP(ED2K)
"27516:UDP"= 27516:UDP:BitComet 27516 UDP(ED2K)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2010 2:20 PM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/28/2010 4:46 PM 95024]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/22/2008 4:38 PM 20160]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/17/2010 8:10 AM 1265264]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 3:24 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 3:24 PM 174592]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [9/12/2008 7:31 AM 505984]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 01:35]

2010-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 20:21]

2005-02-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4099545250.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
.
------- Supplementary Scan -------
.
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?87c17793a9564dc5968f288f7fb2652
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?87c17793a9564dc5968f288f7fb2652
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
LSP: bmnet.dll
Trusted Zone: fdl.microsoft,com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\fdl
Trusted Zone: msn.com
Trusted Zone: msn.com\moneycentral
Trusted Zone: passport.net
Trusted Zone: schwab.com
Trusted Zone: schwab.com\www
Trusted Zone: sears.com\www
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\SONNY\Application Data\Mozilla\Firefox\Profiles\37uwhie1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client ... S:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... S&v=4&tid={7DAC1792-A080-21C2-1CAE-91EF252D6397}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_07\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d????????E?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-07-30 19:19:27
ComboFix-quarantined-files.txt 2010-07-31 00:19
ComboFix2.txt 2010-07-30 04:32
ComboFix3.txt 2010-07-25 19:48

Pre-Run: 26,495,287,296 bytes free
Post-Run: 26,479,820,800 bytes free

- - End Of File - - 18D589587CACC8D754C5FD28374AA30C

