Page 3 of 11 FirstFirst 1234567 ... LastLast
Results 21 to 30 of 106

Thread: Blocked from running Spybot or any other malware remover

  1. #21
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Okay, I'll let it run as long as it needs to then. I am a night owl, in fact, so I'll try to keep an eye on it for the next 2 to 3 hours.

    Thanks for everything so far!

  2. #22
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Okay, I let it run for 4 hours more and still nothing changed. So finally I had to quit ComboFix and do a hard reboot. After starting my PC again, I ran ComobFix one more time.

    This time it updated itself before starting a new scan. Again, it made it past Stage 50, then stalled once more. I left it running for 1 hour, then had to do a forced quit once more. I've given up on trying to get a log out of this program now. It refuses to let me reach the end of the scan.

    So, what next?

    --Ryodin

    P.S. -- I've downloaded my 4th copy of OTL to my infected machine and will give that another chance. Keep in my mind that I still have 3 previous copies that refuse to be accessed or deleted. I don't know how to get rid of those. This 4th copy, however, seems to actually be working now. I'm in the process of running an actual scan in OTL! I've never gotten this far before! Will post the two logs from this if I get that far.

  3. #23
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Phew! For a second there it seemed like OTL stalled halfway through as well. But then I walked away and came back in an hour and found the two log files waiting for me!

    So, first I'm going to paste the OTL log below. In my next post, I'll paste the Extras log separately.


    ==========================================================
    OTL logfile created on: 8/21/2011 5:27:38 AM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\David Batista\Desktop\OTL3
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.53% Memory free
    3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.73 Gb Total Space | 37.75 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
    Drive F: | 931.48 Gb Total Space | 657.48 Gb Free Space | 70.58% Space Free | Partition Type: NTFS

    Computer Name: D139KB41 | User Name: David Batista | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\David Batista\Desktop\OTL3\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
    MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
    MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LXBLPP5C.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)
    SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys (McAfee, Inc.)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (WDC_SAM) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys (Western Digital Technologies)
    DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software)
    DRV - (Serial) -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys ()
    DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (GoProto) -- C:\WINDOWS\SYSTEM32\DRIVERS\goprot51.sys (Gteko Ltd.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (SDDMI2) -- C:\WINDOWS\SYSTEM32\DDMI2.sys (Gteko Ltd.)
    DRV - (RIOUNIV) -- C:\WINDOWS\SYSTEM32\DRIVERS\RIOUNIV.SYS (Digital Networks North America, Inc.)
    DRV - (Jukebox) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys (Creative Technology Ltd.)
    DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
    DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
    DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
    DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 22 D2 04 02 82 18 EE 45 BA B4 82 4C BA 7E EB 8F [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/08 17:26:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/09 23:11:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/17 15:58:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/08 17:26:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/09 23:11:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/17 15:58:14 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/05/12 21:10:38 | 000,394,487 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 13648 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110820163657.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
    O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/downlo...?1080172047671 (MSSecurityAdvisor Class)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...ntent/opuc.cab (Office Update Installation Engine)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...4/mcinsctl.cab (McAfee.com Operating System Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} http://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1216138451140 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1164772634593 (MUWebControl Class)
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...1/axofupld.cab (Ofoto Upload Manager Class)
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft.com/security/controls/DoomCln.CAB (DoomCln Object)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab (DwnldGroupMgr Class)
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/is...42/mcfscan.cab (McFreeScan Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/J...etupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\David Batista\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Batista\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/21 05:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\OTL3
    [2011/08/21 05:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/08/21 03:27:54 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/08/20 21:20:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/20 21:20:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/20 21:20:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/20 21:20:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/20 21:20:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/20 21:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Batista\Start Menu\Programs\Administrative Tools
    [2011/08/20 20:02:04 | 004,179,400 | R--- | C] (Swearware) -- C:\Documents and Settings\David Batista\Desktop\ComboFix.exe
    [2011/08/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\OTL2
    [2011/08/20 17:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\tdsskiller
    [2011/08/20 11:59:52 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David Batista\Desktop\aswMBR.exe
    [2011/08/20 10:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\Logs
    [2011/08/19 19:31:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/08/18 22:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Start Menu\Programs\HiJackThis
    [2011/08/13 19:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\Justified Season 2
    [2011/07/23 11:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/07/23 11:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2006/03/25 20:23:03 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/21 05:18:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/08/21 05:16:56 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/21 05:16:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/08/21 03:26:42 | 004,179,400 | R--- | M] (Swearware) -- C:\Documents and Settings\David Batista\Desktop\ComboFix.exe
    [2011/08/20 17:12:22 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\tdsskiller.zip
    [2011/08/20 17:07:18 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\rkill.exe
    [2011/08/20 16:08:57 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\exeHelper.com
    [2011/08/20 11:59:52 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David Batista\Desktop\aswMBR.exe
    [2011/08/20 11:59:19 | 000,580,096 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\OTL.exe
    [2011/08/20 10:59:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/08/19 18:19:22 | 072,274,320 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\msert.exe
    [2011/08/18 23:03:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/08/13 21:52:13 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/13 12:13:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/08/10 18:03:29 | 000,460,718 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2011/08/10 18:03:29 | 000,079,804 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2011/08/10 17:59:10 | 052,390,856 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
    [2011/07/31 13:05:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/07/31 13:05:34 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/20 21:20:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/20 21:20:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/20 21:20:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/20 21:20:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/20 21:20:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/20 17:12:22 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\tdsskiller.zip
    [2011/08/20 17:07:16 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\rkill.exe
    [2011/08/20 16:08:57 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\exeHelper.com
    [2011/08/20 11:59:17 | 000,580,096 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\OTL.exe
    [2011/08/19 18:19:17 | 072,274,320 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\msert.exe
    [2011/05/29 13:02:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/29 13:02:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/04/08 18:05:09 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
    [2011/04/08 17:08:21 | 000,207,553 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
    [2011/04/08 17:08:21 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
    [2011/01/09 19:13:14 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/01/08 12:23:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2011/01/05 20:50:26 | 000,003,018 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2011/01/05 20:49:12 | 000,522,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2011/01/05 20:49:12 | 000,017,766 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010/12/27 02:45:44 | 000,365,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/11/14 22:13:04 | 000,055,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/03/12 18:45:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/16 11:54:31 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/02/16 11:54:31 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/06/20 22:44:39 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2006/12/25 15:08:14 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/29 20:43:15 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
    [2006/06/05 22:00:42 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\DC5F143025.sys
    [2006/01/29 17:40:02 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2530145FDC.sys
    [2006/01/29 17:37:52 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/01/12 01:15:15 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/01/12 01:15:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2005/11/23 00:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2005/11/06 23:30:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/11/06 23:19:14 | 000,000,907 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
    [2005/11/06 23:19:08 | 000,000,143 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
    [2005/11/06 23:18:21 | 000,000,367 | ---- | C] () -- C:\WINDOWS\SETUPEXE.INI
    [2005/11/02 23:20:48 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/09/26 15:37:48 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/05/11 23:33:09 | 052,390,856 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
    [2005/03/05 20:35:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2004/12/04 21:20:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\fusioncache.dat
    [2004/11/28 18:58:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
    [2004/09/30 18:37:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/06 16:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/06/16 21:44:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2004/03/29 22:19:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2004/03/27 18:43:43 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2004/03/27 18:43:40 | 000,009,372 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/03/21 23:10:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\StaticIm.dll
    [2004/03/21 23:10:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VService.dll
    [2004/02/28 01:30:47 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
    [2004/02/21 19:40:33 | 000,003,859 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/02/21 17:04:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2004/02/21 17:03:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2004/02/21 17:03:01 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2004/02/21 17:01:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2004/02/21 17:00:25 | 000,001,652 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2004/02/21 17:00:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2004/02/21 17:00:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2004/02/21 03:27:14 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/02/21 03:21:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2004/02/21 01:54:56 | 000,000,427 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2004/02/17 04:57:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/02/17 04:48:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/02/17 04:45:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2004/02/17 04:41:25 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/02/17 04:40:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/02/17 04:37:36 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/02/17 04:25:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2004/02/17 04:23:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/02/17 04:23:34 | 000,460,718 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2004/02/17 04:23:34 | 000,079,804 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2004/02/17 04:23:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/02/17 04:11:26 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/03/26 10:23:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE
    [2003/03/26 10:19:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
    [2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
    [2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/09/03 11:05:08 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 07:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2001/07/19 10:52:39 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
    [2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
    [1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2007/08/18 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
    [2007/08/18 14:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2011/08/18 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/08/16 17:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2004/11/28 19:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2006/03/26 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2004/02/17 04:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/12/23 01:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2006/12/23 20:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/01/09 13:58:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/04/01 21:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 21:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/20 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/01/01 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Canon
    [2008/09/28 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\CoreCodec
    [2011/08/21 05:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Dropbox
    [2009/07/25 12:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\FUJIFILM
    [2007/08/18 14:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\HotSync
    [2009/11/24 21:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\ieSpell
    [2011/01/08 15:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\iolo
    [2010/08/16 17:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Juniper Networks
    [2004/02/21 17:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Leadertech
    [2006/08/29 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Musicmatch
    [2005/10/07 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Red Chair Software
    [2007/01/28 14:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Viewpoint
    [2011/08/18 23:03:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


    < MD5 for: AGP440.SYS >
    [2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
    [2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
    [2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
    [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
    [2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
    [2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
    [2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
    [2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
    [2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
    [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2003/04/23 11:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
    [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
    [2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
    [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 10:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
    [2002/09/03 10:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
    [2002/09/03 10:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

    < End of report >
    =========================================================


    --Ryodin

  4. #24
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Here is the Extras log:


    =========================================================
    OTL Extras logfile created on: 8/21/2011 5:27:38 AM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\David Batista\Desktop\OTL3
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.53% Memory free
    3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.23% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.73 Gb Total Space | 37.75 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
    Drive F: | 931.48 Gb Total Space | 657.48 Gb Free Space | 70.58% Space Free | Partition Type: NTFS

    Computer Name: D139KB41 | User Name: David Batista | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe" = C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe:*:Enabled:Red Chair Manager -- (Red Chair Software, Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe" = C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe:*:Enabled:Deubox Xtreamer -- (Red Chair Software, Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
    "C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{26C849AB-1865-412D-B87D-B18BC5CB6C60}" = OpenMG Secure Module 3.4.01
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
    "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.06
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
    "{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
    "{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}" = Zune
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
    "{FA66D65A-6413-43AF-8F29-B22EFEC29869}" = Diagnosaurus
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "360Share" = 360Share(remove only)
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ArcSoft PhotoBase" = ArcSoft PhotoBase
    "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
    "AudibleDownloadManager" = Audible Download Manager
    "BitLord" = BitLord 1.1
    "BitTorrent" = BitTorrent 3.4.1
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "CSCLIB" = Canon Camera Support Core Library
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell File Manager" = Dell File Manager
    "Deubox Explorer" = Deubox Explorer (remove only)
    "Dudebox Explorer" = Dudebox Explorer (remove only)
    "E0429B4C05C33DC75CE1CFFF1BAEFFAC69815744" = Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
    "EOS Utility" = Canon Utilities EOS Utility
    "FLV Player2.0.25" = FLV Player
    "HaaliMkx" = Haali Media Splitter
    "HijackThis" = HijackThis 2.0.2
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
    "InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
    "InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "Java Web Start" = Java Web Start
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Netscape (7.1)" = Netscape (7.1)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
    "OpenMG HotFix3.4-04-14-17-01" = OpenMG Limited Patch 3.4-04-17-06-01
    "Optimum Online net guide" = Optimum Online net guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Sandlot Games Client Services_is1" = Sandlot Games Client Services
    "Scrivener 021" = Scrivener
    "Scrivener 022" = Scrivener
    "Shop for HP Supplies" = Shop for HP Supplies
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Super Bounce Out!" = Super Bounce Out!
    "System Requirements Lab" = System Requirements Lab
    "The Core Media Player" = The Core Media Player 4.0
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Webshots Desktop" = Webshots Desktop
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinMX" = WinMX
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XviD_is1" = XviD MPEG-4 Video Codec
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
    "Adobe Digital Editions" = Adobe Digital Editions
    "Dropbox" = Dropbox
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Lexi-CONNECT" = Lexi-CONNECT

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/26/2011 1:04:52 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 7/9/2011 8:34:09 PM | Computer Name = D139KB41 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.19088, fault address 0x0029c203.

    Error - 7/21/2011 5:06:54 PM | Computer Name = D139KB41 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/24/2011 1:06:33 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 7/31/2011 1:05:52 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 8/3/2011 11:31:24 PM | Computer Name = D139KB41 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 8/21/2011 3:39:35 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 8/21/2011 3:39:35 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 8/21/2011 4:51:02 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/21/2011 5:08:53 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/21/2011 5:18:44 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = ZuneNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in the Zune software,
    and then restart the ZuneNetworkSvc service.

    Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = ZuneNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in the Zune software,
    and then restart the ZuneNetworkSvc service.

    Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0x80070057'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 8/21/2011 5:52:40 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/21/2011 6:10:31 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.


    < End of report >
    =========================================================


    --Ryodin

  5. #25
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    I apologize for not telling you earlier, combofix.txt is on c:\

  6. #26
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Oh, I know. I looked for it, but it's not there. There's a folder called "ComboFix" on my C: drive, but when I double click on it, it shows me an identical map of my "My Computer" folder. Meaning, I see all my drives and external hardware listed just as if I had clicked open the "My Computer" folder. It's strange. I can't find a .txt file related to ComboFix anywhere, either.

    As I mentioned before, I can't seem to get to the end of the scan with ComboFix where it generates a log.

  7. #27
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Bill,

    I just received a warning from my McAfee Security Center informing me that it is blocking a potentially unwanted program from running on my PC.

    Here's the message:

    "About This Potentially Unwanted Program
    Name: Tool-NirCmd
    Quarantined from: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP921\A0129834.exe"

    McAfee is asking me if I want to "Remove" or "Allow" the program. What should I do?

    --Ryodin

  8. #28
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    That file is in the C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624} witch is the location of your system restore point data and files. I would leave it. We will delete all old restore points that may contain infections, soon. If you wish you can turn off system restore now and loose all of your restore points and data, restart system restore and create a restore point now.

  9. #29
    Member
    Join Date
    Aug 2011
    Location
    New York City
    Posts
    61

    Default

    Okay, I'll leave it. And I don't want to mess around with the system restore points until we're completely done.

    Thanks, Bill!

    --Ryodin

  10. #30
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Greetings Ryodin,
    We really need to see the combofix log, so let's try it this way. Please note there are a couple of changed steps.

    First
    Boot to Safe mode with networking by restarting your PC and begin tapping the F8 key at one second intervals. When the Windows Advanced Options menu appears use the arrow key to scroll down to Safe Mode with Networking. Hit enter and boot to a desktop.

    Next
    ***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
    Download Combofix from any of the links below. Save it to your desktop. When saving select Save As ... and change the name to ryod.exe.

    Link 1
    Link 2




    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •