Hi Delta.
Thanks for your help.
A little more background, if it may help you:
The website that I get directed to is RegistryDefender.com. That happens the first time after I open a browser after rebooting the machine. Other times a new tab will open on an open browser and it will open to a random web site.
Also, at times the computer will be virtually unusable because the CPU has gone to 100%, with most of the activity being one instance of svchost.exe.
Whatever has infected my machine had also dropped 3 or 4 shortcuts to porn sites on my desktop. I have deleted them and emptied my trash.
The OTL logs are posted below. I ran GMER and hit the copy button, then when I went to create the text document my computer rebooted. I will try and run GMER in safe mode to see if I can get you a log, but hopefully these OTL files will help. Also, AOL Malware caught some files which I quarantined, and MalwareBytes Antimalware caught some stuff that I also had it fix, but the problem persists.
OTL.TXT
OTL logfile created on: 8/1/2010 2:23:06 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Paul Graf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 196.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 52.41 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
Drive D: | 95.78 Mb Total Space | 3.50 Mb Free Space | 3.66% Space Free | Partition Type: FAT
Drive E: | 586.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAUL
Current User Name: Paul Graf
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Paul Graf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s.)
PRC - C:\Program Files\NoAds\NoAds.exe (South Bay Software)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Paul Graf\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\NoAds\NoAds.dll ()
MOD - C:\WINDOWS\SYSTEM32\SERWVDRV.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AOLService) -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AutoSyncService) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe (Memeo)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (ewido anti-spyware 4.0 guard) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s.)
SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NMSSvc) Intel(R) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (iAimTV2) -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\PAULGR~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (tmcomm) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys (Trend Micro Inc.)
DRV - (ewido anti-spyware 4.0 driver) -- C:\Program Files\ewido anti-spyware 4.0\guard.sys ()
DRV - (AW_HOST) -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys (Symantec Corporation)
DRV - (awecho) -- C:\WINDOWS\SYSTEM32\DRIVERS\awechomd.sys (Symantec Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (Gernuwa) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (papycpu2) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pogo.com/home/home.do"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 18:34:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/20 22:51:29 | 000,000,000 | ---D | M]
[2008/09/10 23:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Extensions
[2010/07/31 17:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\extensions
[2009/09/02 16:47:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/30 10:58:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\searchplugins\search-the-web.xml
[2010/07/31 17:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/10 09:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/02/18 23:51:39 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/12 18:34:18 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_0305000D.dll
[2008/06/03 01:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [NoAds] C:\Program Files\NoAds\NoAds.exe (South Bay Software)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.)
O15 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
http://download.yahoo.com/dl/installs/yinst0309.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71}
http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}
http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215}
http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
http://bin.mcafee.com/molbin/shared/mci ... insctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
http://acs.pandasoftware.com/activescan ... asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: 6th Street Omaha Poker by pogo
http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Aces Up! by pogo
http://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Ali Baba Slots TM by pogo
http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo
http://game1.pogo.com/applet-6.3.3.27/b ... assets.cab (Reg Error: Key error.)
O16 - DPF: Battle Phlinx by pogo
http://game1.pogo.com/applet-6.4.0.34/b ... assets.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo
http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo
http://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Bump by pogo
http://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo
http://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo
http://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo
http://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo
http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice Derby by pogo
http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes
file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo
http://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Double Deuce Poker by pogo
http://game1.pogo.com/applet-6.4.0.34/v ... assets.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo
http://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo
http://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo
http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo
http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Hearts by pogo
http://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Poker by pogo
http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo
http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab (Reg Error: Key error.)
O16 - DPF: Jigsaw Detective by pogo
http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Jokers Wild Poker by pogo
http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo
http://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: Keno by pogo
http://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo
http://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo
http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo
http://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Multiline Slots by pogo
http://game1.pogo.com/applet-6.4.4.34/m ... assets.cab (Reg Error: Key error.)
O16 - DPF: Pai Gow by pogo
http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo
http://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo
http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Perfect Pair Solitaire by pogo
http://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo
http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Pinochle by pogo
http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Pop Fu by pogo
http://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: PoppaZoppa by pogo
http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo
http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo
http://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Shot by pogo
http://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo
http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo
http://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: SciFi Slots by pogo
http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Showbiz Slots 2 by pogo
http://game1.pogo.com/applet-6.4.3.28/s ... assets.cab (Reg Error: Key error.)
O16 - DPF: Shuffle Bump by pogo
http://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Spades 2 by pogo
http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Spider Solitaire by pogo
http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Squelchies by pogo
http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo
http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo
http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth TM by pogo
http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo
http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo
http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo
http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 TM by pogo
http://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Video Poker by pogo
http://game1.pogo.com/applet-6.4.0.41/v ... assets.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo
http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo
http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo
http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: WordJong by pogo
http://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo
http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati
http://download.games.yahoo.com/games/c ... /tt3_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! MahJong Solitaire
http://download.games.yahoo.com/games/c ... jst4_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pyramids
http://download.games.yahoo.com/games/c ... pyt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\mhtml - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul Graf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul Graf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/22 11:21:45 | 000,000,025 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/08/01 14:03:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul Graf\Desktop\OTL.exe
[2010/07/29 23:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/28 17:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/28 07:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/28 07:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 03:55:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/05 21:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Graf\Desktop\2010-06NSC
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2003/01/15 13:06:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
========== Files - Modified Within 30 Days ==========
[2010/08/01 14:07:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\xh4mi4rq.exe
[2010/08/01 14:03:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul Graf\Desktop\OTL.exe
[2010/08/01 13:45:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/01 10:24:46 | 000,035,653 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/01 10:24:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/01 10:21:06 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/01 10:20:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 10:20:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 10:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/01 10:20:38 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 10:18:36 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Paul Graf\NTUSER.DAT
[2010/08/01 10:18:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul Graf\NTUSER.INI
[2010/08/01 02:46:01 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/30 23:40:48 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 18:08:30 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\Badgeaddicts (0508).xls
[2010/07/29 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/29 07:02:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\Bad web page.doc
[2010/07/28 18:08:27 | 000,010,326 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\uninstall_list728
[2010/07/28 18:06:03 | 000,019,511 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\hijackthis728
[2010/07/28 18:04:43 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\HiJackThis.lnk
[2010/07/28 17:24:49 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/28 17:24:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 21:55:41 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Paul Graf\My Documents\New Youth Bowling League Coming to Stelton Lanes.doc
[2010/07/25 19:03:59 | 000,089,136 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 01:13:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/07 17:10:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/05 12:28:18 | 000,000,152 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
========== Files Created - No Company Name ==========
[2010/08/01 14:07:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\xh4mi4rq.exe
[2010/07/29 17:26:59 | 535,871,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/29 07:02:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\Bad web page.doc
[2010/07/28 18:07:29 | 000,010,326 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\uninstall_list728
[2010/07/28 18:06:03 | 000,019,511 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\hijackthis728
[2010/07/28 18:03:57 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\HiJackThis.lnk
[2010/07/28 17:24:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 20:08:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Paul Graf\My Documents\New Youth Bowling League Coming to Stelton Lanes.doc
[2009/07/21 22:32:32 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/24 23:52:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/07 17:28:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/05 19:33:08 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/05/24 14:22:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2005/11/05 09:10:47 | 000,001,183 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/21 17:19:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Paul Graf.ini
[2005/03/27 21:41:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/07/16 20:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/07/16 20:22:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2004/05/25 22:34:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/16 22:21:06 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/03 11:51:39 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/12/28 17:09:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/12/28 17:09:13 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/11/12 19:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2003/10/06 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 14:16:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/09/07 00:44:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/15 19:44:32 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2003/08/15 19:44:32 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2003/08/11 19:49:57 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/07/28 21:17:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/17 22:25:40 | 000,000,275 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2003/07/15 19:51:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/17 19:32:00 | 000,000,028 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/02/22 12:30:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/14 13:24:40 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/02/14 13:23:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/02/14 13:13:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2003/02/14 13:09:02 | 000,000,627 | ---- | C] () -- C:\WINDOWS\INTU_ONL.INI
[2003/02/07 21:22:28 | 000,001,416 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2003/02/07 21:22:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/02/07 21:22:26 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2003/02/07 21:22:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2003/02/07 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2003/01/15 13:15:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/15 13:06:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/01/15 13:06:33 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/01/15 13:06:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/01/15 13:06:32 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/15 13:06:31 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/01/15 13:06:31 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/01/15 13:06:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/01/15 13:06:01 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/15 13:02:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/15 12:40:36 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 10:32:16 | 000,000,885 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2002/09/09 10:28:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/29 07:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/24 17:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Paul Graf\Jesequifax090207:SummaryInformation
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
< End of report >
EXTRAS.TXT
OTL logfile created on: 8/1/2010 2:23:06 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Paul Graf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 196.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 52.41 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
Drive D: | 95.78 Mb Total Space | 3.50 Mb Free Space | 3.66% Space Free | Partition Type: FAT
Drive E: | 586.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAUL
Current User Name: Paul Graf
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Paul Graf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s.)
PRC - C:\Program Files\NoAds\NoAds.exe (South Bay Software)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Paul Graf\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\NoAds\NoAds.dll ()
MOD - C:\WINDOWS\SYSTEM32\SERWVDRV.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AOLService) -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AutoSyncService) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe (Memeo)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (ewido anti-spyware 4.0 guard) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s.)
SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NMSSvc) Intel(R) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (iAimTV2) -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys File not found
DRV - (catchme) -- C:\DOCUME~1\PAULGR~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (tmcomm) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys (Trend Micro Inc.)
DRV - (ewido anti-spyware 4.0 driver) -- C:\Program Files\ewido anti-spyware 4.0\guard.sys ()
DRV - (AW_HOST) -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys (Symantec Corporation)
DRV - (awecho) -- C:\WINDOWS\SYSTEM32\DRIVERS\awechomd.sys (Symantec Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (Gernuwa) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (papycpu2) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (hidgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pogo.com/home/home.do"
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems:
moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 18:34:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/20 22:51:29 | 000,000,000 | ---D | M]
[2008/09/10 23:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Extensions
[2010/07/31 17:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\extensions
[2009/09/02 16:47:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/30 10:58:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\Mozilla\Firefox\Profiles\ls9hoxy3.default\searchplugins\search-the-web.xml
[2010/07/31 17:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/10 09:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/02/18 23:51:39 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/12 18:34:18 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_0305000D.dll
[2008/06/03 01:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml
O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148647217\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [NoAds] C:\Program Files\NoAds\NoAds.exe (South Bay Software)
O4 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.)
O15 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst0309.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mci ... insctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan ... asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: 6th Street Omaha Poker by pogo http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Aces Up! by pogo http://game1.pogo.com/applet-6.6.4.29/a ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Ali Baba Slots TM by pogo http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.com/applet-6.3.3.27/b ... assets.cab (Reg Error: Key error.)
O16 - DPF: Battle Phlinx by pogo http://game1.pogo.com/applet-6.4.0.34/b ... assets.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.com/applet-6.6.4.29/b ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Bump by pogo http://www.pogo.com/applet-6.5.2.33/bump/bump-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.com/applet-6.5.4.34/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo http://game1.pogo.com/applet-6.5.3.37/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.com/applet-6.5.4.27/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice Derby by pogo http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game1.pogo.com/applet-6.6.4.29/d ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Double Deuce Poker by pogo http://game1.pogo.com/applet-6.4.0.34/v ... assets.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.com/applet-6.6.0.27/e ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game1.pogo.com/applet-6.6.2.21/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.com/applet-6.6.3.34/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Hearts by pogo http://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Poker by pogo http://game1.pogo.com/applet-6.5.4.27/d ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab (Reg Error: Key error.)
O16 - DPF: Jigsaw Detective by pogo http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Jokers Wild Poker by pogo http://game1.pogo.com/applet-6.6.0.34/v ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.com/applet-6.6.2.35/gin/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: Keno by pogo http://game1.pogo.com/applet-6.6.0.34/k ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.com/applet-6.6.3.34/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.com/applet-6.6.4.21/l ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game1.pogo.com/applet-6.5.2.33/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Multiline Slots by pogo http://game1.pogo.com/applet-6.4.4.34/m ... assets.cab (Reg Error: Key error.)
O16 - DPF: Pai Gow by pogo http://game1.pogo.com/applet-6.4.4.34/p ... assets.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo http://game1.pogo.com/applet-6.5.3.37/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Perfect Pair Solitaire by pogo http://game1.pogo.com/applet-6.6.0.27/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game1.pogo.com/applet-6.6.1.37/f ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Pinochle by pogo http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Pop Fu by pogo http://game1.pogo.com/applet-6.5.3.44/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: PoppaZoppa by pogo http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo http://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Shot by pogo http://game1.pogo.com/applet-6.6.3.34/q ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.com/applet-6.6.2.35/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.com/applet-6.5.3.37/r ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: SciFi Slots by pogo http://game1.pogo.com/applet-6.6.1.37/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Showbiz Slots 2 by pogo http://game1.pogo.com/applet-6.4.3.28/s ... assets.cab (Reg Error: Key error.)
O16 - DPF: Shuffle Bump by pogo http://game1.pogo.com/applet-6.6.4.29/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Spades 2 by pogo http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Spider Solitaire by pogo http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Squelchies by pogo http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth TM by pogo http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.com/applet-6.5.1.24/h ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.com/applet-6.6.4.21/p ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.com/applet-6.6.2.21/j ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 TM by pogo http://game1.pogo.com/applet-6.5.1.24/t ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Video Poker by pogo http://game1.pogo.com/applet-6.4.0.41/v ... assets.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: WordJong by pogo http://game1.pogo.com/applet-6.6.1.29/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.com/applet-6.6.3.34/w ... -en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download.games.yahoo.com/games/c ... /tt3_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! MahJong Solitaire http://download.games.yahoo.com/games/c ... jst4_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pyramids http://download.games.yahoo.com/games/c ... pyt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\mhtml - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul Graf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul Graf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/22 11:21:45 | 000,000,025 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-2427840827-2417277306-1169192455-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/08/01 14:03:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul Graf\Desktop\OTL.exe
[2010/07/29 23:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/07/28 17:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/28 07:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/28 07:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 03:55:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/05 21:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Graf\Desktop\2010-06NSC
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2003/01/15 13:06:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
========== Files - Modified Within 30 Days ==========
[2010/08/01 14:07:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\xh4mi4rq.exe
[2010/08/01 14:03:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul Graf\Desktop\OTL.exe
[2010/08/01 13:45:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/01 10:24:46 | 000,035,653 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/01 10:24:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/01 10:21:06 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/01 10:20:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 10:20:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 10:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/01 10:20:38 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 10:18:36 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Paul Graf\NTUSER.DAT
[2010/08/01 10:18:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul Graf\NTUSER.INI
[2010/08/01 02:46:01 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/30 23:40:48 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 18:08:30 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\Badgeaddicts (0508).xls
[2010/07/29 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/29 07:02:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\Bad web page.doc
[2010/07/28 18:08:27 | 000,010,326 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\uninstall_list728
[2010/07/28 18:06:03 | 000,019,511 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\hijackthis728
[2010/07/28 18:04:43 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Desktop\HiJackThis.lnk
[2010/07/28 17:24:49 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/28 17:24:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 21:55:41 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Paul Graf\My Documents\New Youth Bowling League Coming to Stelton Lanes.doc
[2010/07/25 19:03:59 | 000,089,136 | ---- | M] () -- C:\Documents and Settings\Paul Graf\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 01:13:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/07/07 17:10:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/05 12:28:18 | 000,000,152 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
========== Files Created - No Company Name ==========
[2010/08/01 14:07:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\xh4mi4rq.exe
[2010/07/29 17:26:59 | 535,871,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/29 07:02:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\Bad web page.doc
[2010/07/28 18:07:29 | 000,010,326 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\uninstall_list728
[2010/07/28 18:06:03 | 000,019,511 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\hijackthis728
[2010/07/28 18:03:57 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Paul Graf\Desktop\HiJackThis.lnk
[2010/07/28 17:24:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 20:08:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Paul Graf\My Documents\New Youth Bowling League Coming to Stelton Lanes.doc
[2009/07/21 22:32:32 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/24 23:52:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/07 17:28:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/05 19:33:08 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/05/24 14:22:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2005/11/05 09:10:47 | 000,001,183 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/21 17:19:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Paul Graf.ini
[2005/03/27 21:41:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/07/16 20:29:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/07/16 20:22:49 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2004/05/25 22:34:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/16 22:21:06 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/03 11:51:39 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/12/28 17:09:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/12/28 17:09:13 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/11/12 19:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2003/10/06 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 14:16:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/09/07 00:44:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/15 19:44:32 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2003/08/15 19:44:32 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2003/08/11 19:49:57 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/07/28 21:17:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/17 22:25:40 | 000,000,275 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2003/07/15 19:51:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/17 19:32:00 | 000,000,028 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/02/22 12:30:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/14 13:24:40 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/02/14 13:23:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/02/14 13:13:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2003/02/14 13:09:02 | 000,000,627 | ---- | C] () -- C:\WINDOWS\INTU_ONL.INI
[2003/02/07 21:22:28 | 000,001,416 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2003/02/07 21:22:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/02/07 21:22:26 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2003/02/07 21:22:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2003/02/07 20:45:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2003/01/15 13:15:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/15 13:06:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/01/15 13:06:33 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/01/15 13:06:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/01/15 13:06:32 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/01/15 13:06:31 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/01/15 13:06:31 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/01/15 13:06:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/01/15 13:06:01 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/01/15 13:02:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/15 12:40:36 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 10:32:16 | 000,000,885 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2002/09/09 10:28:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/08/29 07:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/24 17:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Paul Graf\Jesequifax090207:SummaryInformation
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
< End of report >
Paul