Piriform Community Forums: Please Help! this is getting annoying! - Piriform Community Forums


Please Help! this is getting annoying!

#1 Carl :)

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 20 October 2009 - 03:52 PM

I have a thread also entitled like this in the CCleaner Discussion;
thanks to all the people who suggested that I make a thread here.

here's the problem.

I installed CCleaner and I use it after I surf the internet and stuff like that. But whenever I turn off my computer and turn it on again, whenever I launch CCleaner I get a message like this: "Windows is searching for CCleaner.exe to locate it yourself, click browse". I click Browse but it doesn't seem to work.

Please help me, this is getting kinda annoying.

things i tried:

downloaded the slim version and saved in different paths
FAILED

Uninstalled and did a new fresh download.
FAILED

Posted a new thread in the Spyware Hell forum and sought some help.
LET'S SEE XD

please help me guys :)

thanks so much.

#2 Rorschach112

  • Power Member
  • Group: Moderators
  • Posts: 972
  • Joined: 09-October 08

Posted 20 October 2009 - 05:32 PM

can you follow the steps here

http://forum.pirifor...showtopic=20120

If any of them don't work, rename the tools to svchost.com and run them
By the power of truth, I, while living, have conquered the universe.

~Scratch~


#3 Carl :)

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 21 October 2009 - 01:39 PM

I tried to download the first link provided but my PC crashed when I opened it up.

I tried to download Malwarebytes' Anti-Malware but I was redirected to ask.com.


whatamigunaado?

#4 Rorschach112

  • Power Member
  • Group: Moderators
  • Posts: 972
  • Joined: 09-October 08

Posted 21 October 2009 - 02:02 PM

try the others as well


and this

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

#5 Carl :)

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 26 October 2009 - 02:55 PM

Rorschach112, on Oct 21 2009, 02:02 PM, said:

try the others as well


and this

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Running from: C:\Documents and Settings\Mary Madison\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Mary Madison\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

#6 Rorschach112

  • Power Member
  • Group: Moderators
  • Posts: 972
  • Joined: 09-October 08

Posted 26 October 2009 - 05:08 PM

hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#7 Carl :)

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 27 October 2009 - 10:30 AM

After I copy it,
what will I do next?

thanks :)

#8 Rorschach112

  • Power Member
  • Group: Moderators
  • Posts: 972
  • Joined: 09-October 08

Posted 27 October 2009 - 10:57 AM

you paste the log information here...

#9 Carl :)

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 29 October 2009 - 11:04 AM

"OTL"

OTL logfile created on: 10/27/2009 6:30:57 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Mary Madison\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

247.46 Mb Total Physical Memory | 94.06 Mb Available Physical Memory | 38.01% Memory free
606.44 Mb Paging File | 391.28 Mb Available in Paging File | 64.52% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.56 Gb Total Space | 7.79 Gb Free Space | 42.00% Space Free | Partition Type: NTFS
Drive D: | 18.70 Gb Total Space | 18.35 Gb Free Space | 98.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-3CA533D0E6
Current User Name: Mary Madison
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/27 18:26:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Madison\Desktop\OTL.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/22 18:31:06 | 05,206,016 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/08/03 10:40:59 | 01,252,319 | ---- | M] () -- C:\WINDOWS\System32\XP-F55003D1.EXE
PRC - [2009/04/06 12:17:11 | 02,906,440 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/26 20:17:12 | 01,609,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/26 16:43:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/16 12:46:44 | 00,365,568 | RHS- | M] () -- C:\WINDOWS\password_viewer.exe
PRC - [2007/06/25 11:17:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2002/09/20 19:20:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/03 15:06:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NeroRegInCDSrv [Auto | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/03/17 09:08:27 | 00,109,568 | R-S- | M] () -- C:\WINDOWS\System32\cgxeue.dll -- (winsvc [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/02/26 16:43:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/06/29 21:46:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007/06/27 21:34:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/06/25 11:17:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2003/07/28 14:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 19:20:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2002/05/03 15:06:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/27 18:26:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Madison\Desktop\OTL.exe
MOD - [2009/10/27 18:23:04 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\cg852931.dll
MOD - [2008/04/14 08:12:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2002/11/06 22:30:38 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\System32\SYNCOR11.DLL

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...spx?tbid=160002
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...spx?tbid=160002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.8
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.1.9.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.5.3
FF - prefs.js..extensions.enabledItems: arcticglow-ff3-30@glowplug.bitasylum.net:3.5.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.1
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/09 18:31:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/09 00:20:58 | 00,000,000 | ---D | M]

[2009/05/21 19:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Extensions
[2009/03/17 10:06:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/21 19:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/26 22:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions
[2009/08/25 23:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2009/07/15 22:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/03/22 14:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/10/15 23:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/03/17 10:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2009/10/15 23:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/10/15 23:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2009/10/25 00:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/06/04 09:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/10/15 23:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\arcticglow-ff3-30@glowplug.bitasylum.net
[2009/10/24 21:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\mozilla\Firefox\Profiles\4a58qr10.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009/03/21 10:06:58 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Mary Madison\Application Data\Mozilla\FireFox\Profiles\4a58qr10.default\searchplugins\ask.xml
[2009/10/25 22:21:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 18:11:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 08:36:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/09/10 18:11:30 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 18:11:30 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/25 03:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/02/25 03:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/04/16 04:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/10 18:11:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/04/06 12:15:38 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/09 00:20:58 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/10 07:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/02/25 03:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/21 20:58:26 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/21 20:58:26 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/08/21 20:58:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/21 20:58:27 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/21 20:58:27 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/21 20:58:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/21 20:58:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [XP-F55003D1] C:\WINDOWS\System32\XP-F55003D1.EXE ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Documents and Settings\Mary Madison\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found
O4 - Startup: C:\Documents and Settings\Mary Madison\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk = C:\WINDOWS\System32\XP-F55003D1.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (password_viewer.exe) - C:\WINDOWS\password_viewer.exe ()
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - about:Home
O27 - HKLM IFEO\notepad.exe: Debugger - C:\WINDOWS\system32\Notepad2.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/28 04:21:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\Shell - "" = AutoRun
O33 - MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\Shell - "" = AutoRun
O33 - MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\Explore\command - "" = F:\
O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\Shell - "" = AutoRun
O33 - MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\Shell - "" = AutoRun
O33 - MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\AutoRun\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\Explore\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\Open\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\AutoRun\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\Explore\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\Open\command - "" = G:\password_viewer.exe -- File not found
O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\AutoRun\command - "" = H:\password_viewer.exe -- File not found
O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\Explore\command - "" = H:\password_viewer.exe -- File not found
O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\Open\command - "" = H:\password_viewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: winsvc - C:\WINDOWS\System32\cgxeue.dll ()

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CursorFX - hkey= - key= - C:\Documents and Settings\Mary Madison\Desktop\ceejay\Stardock\CursorFX\CursorFX.exe File not found
MsConfig - StartUpReg: DrvLsnr - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PowerTweak Menu - hkey= - key= - File not found
MsConfig - StartUpReg: PROMon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: SiteRanker - hkey= - key= - C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
MsConfig - StartUpReg: Smapp - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: Speed Typing - hkey= - key= - C:\Documents and Settings\Mary Madison\Desktop\ceejay\Speed Typing\STyping.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe File not found
MsConfig - StartUpReg: TaskSwitchXP - hkey= - key= - C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - C:\Documents and Settings\Mary Madison\Desktop\ceejay\Uniblue\RegistryBooster\RegistryBooster.exe File not found
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1



ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0C967A97-8A13-44B8-AE34-043C3D81B8F3} - Yahoo! Toolbar
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3B5ABBA8-D573-465B-B5DE-1ACEC13B4A95} - Yahoo! Tracking
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8C7AAC4A-0705-4479-B68A-E1A6A0065CFA} - Yahoo! Search Assist
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{45F976CA-1795-4EC5-9EF5-D6351A95F723} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: MIDI1 - C:\WINDOWS\System32\SYNCOR11.DLL (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/25 10:53:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mary Madison\Application Data\Imagomat
[2009/10/27 18:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/10/25 10:19:38 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/25 10:19:27 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/27 18:26:24 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Madison\Desktop\OTL.exe
[2009/10/25 22:41:28 | 00,168,448 | ---- | C] (csie.org) -- C:\Documents and Settings\Mary Madison\Desktop\piaipRCHack_v1.12.exe
[2009/10/21 06:28:53 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/27 18:29:19 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\c852931.dl_
[2009/10/27 18:28:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\c852931.dll
[2009/10/27 18:26:38 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Madison\Desktop\OTL.exe
[2009/10/27 18:24:32 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Mary Madison\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
[2009/10/27 18:24:02 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\x}852931.dl_
[2009/10/27 18:23:32 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\qohkmp.sys
[2009/10/27 18:23:28 | 00,000,692 | -HS- | M] () -- C:\WINDOWS\System32\og.dll
[2009/10/27 18:23:27 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ad852931.dll
[2009/10/27 18:23:27 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ad852931.dl_
[2009/10/27 18:23:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\x}852931.dll
[2009/10/27 18:23:20 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\aj852931.dll
[2009/10/27 18:23:20 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\aj852931.dl_
[2009/10/27 18:23:07 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\sb852931.dll
[2009/10/27 18:23:07 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\sb852931.dl_
[2009/10/27 18:23:04 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\cg852931.dll
[2009/10/27 18:23:04 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\cg852931.dl_
[2009/10/27 18:23:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 18:22:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 18:21:07 | 00,000,261 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/10/27 18:20:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\b~852931.dll
[2009/10/27 18:20:21 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\b~852931.dl_
[2009/10/27 18:19:07 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\a~852931.dll
[2009/10/27 18:19:07 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\a~852931.dl_
[2009/10/27 18:14:38 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/27 16:19:16 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\pv852931.dll
[2009/10/27 16:19:16 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\pv852931.dl_
[2009/10/27 14:00:26 | 04,811,680 | -H-- | M] () -- C:\Documents and Settings\Mary Madison\Local Settings\Application Data\IconCache.db
[2009/10/26 22:55:54 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\tb852931.dll
[2009/10/26 22:55:54 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\tb852931.dl_
[2009/10/26 22:53:03 | 00,001,664 | ---- | M] () -- C:\Documents and Settings\Mary Madison\Desktop\CCleaner.lnk
[2009/10/26 19:10:15 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\xz852931.dll
[2009/10/26 19:10:15 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\xz852931.dl_
[2009/10/26 19:09:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/25 22:41:39 | 00,168,448 | ---- | M] (csie.org) -- C:\Documents and Settings\Mary Madison\Desktop\piaipRCHack_v1.12.exe
[2009/10/25 10:21:23 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\s852931.dl_
[2009/10/25 10:16:54 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\s852931.dll
[2009/10/24 02:17:49 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ce852931.dll
[2009/10/24 02:17:49 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ce852931.dl_
[2009/10/22 16:14:26 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\rd852931.dll
[2009/10/22 16:14:26 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\rd852931.dl_
[2009/10/21 06:29:35 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\rs852931.dll
[2009/10/21 06:29:35 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\rs852931.dl_
[2009/10/21 06:29:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\js852931.dll
[2009/10/21 06:29:21 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\js852931.dl_
[2009/10/19 18:43:52 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\i~852931.dll
[2009/10/19 18:43:52 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\i~852931.dl_
[2009/10/19 05:44:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 08:41:59 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\hs852931.dll
[2009/10/18 08:41:59 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\hs852931.dl_
[2009/10/18 08:40:14 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\is852931.dl_
[2009/10/18 08:38:57 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\is852931.dll
[2009/10/15 07:24:28 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\gp852931.dll
[2009/10/15 07:24:28 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\gp852931.dl_

========== Files - No Company Name ==========
[2009/10/27 18:14:38 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/10/26 19:10:15 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\xz852931.dll
[2009/10/26 19:10:15 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\xz852931.dl_
[2009/10/25 10:21:11 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/22 16:14:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\rd852931.dll
[2009/10/22 16:14:00 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\rd852931.dl_
[2009/10/21 15:42:54 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\pv852931.dll
[2009/10/21 15:42:54 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\pv852931.dl_
[2009/10/21 06:28:53 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/10/19 18:43:52 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\i~852931.dll
[2009/10/19 18:43:52 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\i~852931.dl_
[2009/10/19 13:28:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\rs852931.dll
[2009/10/19 13:28:00 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\rs852931.dl_
[2009/10/18 10:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\js852931.dll
[2009/10/18 10:07:00 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\js852931.dl_
[2009/10/18 08:41:59 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\hs852931.dll
[2009/10/18 08:41:59 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\hs852931.dl_
[2009/10/18 08:19:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\is852931.dll
[2009/10/18 08:19:20 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\is852931.dl_
[2009/10/15 07:24:28 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\gp852931.dll
[2009/10/15 07:24:28 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\gp852931.dl_
[2009/10/11 14:13:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ud852931.dll
[2009/10/11 00:16:46 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\if852931.dll
[2009/10/11 00:14:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\vb852931.dll
[2009/10/10 02:40:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ck852931.dll
[2009/10/09 19:05:22 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\tj852931.dll
[2009/10/09 15:05:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\mj852931.dll
[2009/10/09 06:18:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\aj852931.dll
[2009/10/06 06:59:39 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\cg852931.dll
[2009/10/05 08:51:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\bd852931.dll
[2009/10/04 06:12:05 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ge852931.dll
[2009/10/04 03:53:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2009/10/04 03:53:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx2.ini
[2009/10/04 03:52:51 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\wfxhelp22.dll
[2009/10/04 03:41:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\de852931.dll
[2009/10/04 02:52:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ce852931.dll
[2009/10/03 17:32:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\pb852931.dll
[2009/10/03 16:14:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\od852931.dll
[2009/10/03 01:27:22 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\p~852931.dll
[2009/10/03 00:34:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ad852931.dll
[2009/10/03 00:27:24 | 00,007,852 | ---- | C] () -- C:\WINDOWS\System32\mcdmsg7.dll
[2009/10/01 19:27:29 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\tb852931.dll
[2009/10/01 19:24:53 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2009/10/01 19:24:39 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2009/10/01 18:43:54 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\sb852931.dll
[2009/10/01 17:19:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\c852931.dll
[2009/10/01 17:14:37 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\rb852931.dll
[2009/10/01 05:54:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\q852931.dll
[2009/09/30 22:18:31 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\a~852931.dll
[2009/09/30 21:11:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\s852931.dll
[2009/09/30 10:11:36 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\h852931.dll
[2009/09/29 16:00:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\b~852931.dll
[2009/09/28 23:31:51 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\x}852931.dll
[2009/09/28 23:07:26 | 00,005,077 | ---- | C] () -- C:\WINDOWS\System32\drivers\qohkmp.sys
[2009/09/28 23:07:17 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ku461115.dll
[2009/08/03 10:40:59 | 00,002,404 | -HS- | C] () -- C:\WINDOWS\System32\ul.dll
[2009/08/03 10:40:59 | 00,000,692 | -HS- | C] () -- C:\WINDOWS\System32\og.dll
[2009/06/13 21:10:49 | 00,000,002 | -HS- | C] () -- C:\Documents and Settings\Mary Madison\Application Data\evf
[2009/05/21 20:30:11 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Mary Madison\Application Data\Smiley.ico
[2009/03/22 16:54:38 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/21 08:58:35 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Mary Madison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 09:08:27 | 00,109,568 | R-S- | C] () -- C:\WINDOWS\System32\cgxeue.dll
[2009/03/14 01:25:41 | 00,018,408 | ---- | C] () -- C:\Documents and Settings\Mary Madison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/13 22:09:57 | 04,811,680 | -H-- | C] () -- C:\Documents and Settings\Mary Madison\Local Settings\Application Data\IconCache.db
[2009/03/13 22:01:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mary Madison\Application Data\desktop.ini
[2009/03/01 17:41:32 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/03/01 17:29:19 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/28 13:38:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/28 13:16:43 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/02/28 09:41:10 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/02/28 04:18:09 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2004/08/04 20:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 20:00:00 | 00,000,264 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/03/26 11:06:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/02/06 11:34:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2001/07/08 22:46:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\mfGINA.dll

========== LOP Check ==========

[2009/10/11 14:14:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/04 06:14:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/19 19:37:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/21 20:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C177
[2009/08/01 01:49:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/02/28 14:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/10/04 02:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2009/03/01 17:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/04/06 13:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/10/26 19:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/25 10:53:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Mary Madison\Application Data
[2009/08/01 01:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Acoustica
[2009/04/11 19:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Ahead
[2009/10/01 20:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Astro Gemini Software
[2009/08/26 00:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\ComfortSoftware
[2009/08/23 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\FrostWire
[2009/08/19 23:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\GetRightToGo
[2009/10/27 18:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\gtk-2.0
[2009/10/03 01:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\IconTweaker
[2009/10/25 10:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Imagomat
[2009/03/16 20:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Inbox Toolbar
[2009/08/23 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\LimeWire
[2009/06/07 15:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Move Networks
[2009/06/21 10:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\NCH Swift Sound
[2009/06/27 16:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Nokia
[2009/05/09 06:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Opera
[2009/03/16 20:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\SiteRanker
[2009/05/02 00:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/10/10 17:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Uniblue
[2009/04/07 12:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\Unity
[2009/10/07 09:56:46 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/01 22:42:02 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2009/10/27 18:23:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 08:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 08:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 08:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/14 02:40:32 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#10 User is offline   Carl :) 

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 29 October 2009 - 11:05 AM

"EXTRAS"

OTL Extras logfile created on: 10/27/2009 6:26:55 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Mary Madison\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

247.46 Mb Total Physical Memory | 69.34 Mb Available Physical Memory | 28.02% Memory free
606.44 Mb Paging File | 366.88 Mb Available in Paging File | 60.50% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.56 Gb Total Space | 7.79 Gb Free Space | 42.00% Space Free | Partition Type: NTFS
Drive D: | 18.70 Gb Total Space | 18.35 Gb Free Space | 98.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-3CA533D0E6
Current User Name: Mary Madison
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\Notepad2.exe ()
.ini [@ = inifile] -- C:\WINDOWS\System32\Notepad2.exe ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\Notepad2.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
inifile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
jsfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
jsefile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
vbefile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
vbsfile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
wsffile [edit] -- C:\WINDOWS\system32\Notepad2.exe %1 ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [New Window] -- explorer.exe %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65131:UDP" = 65131:UDP:*:Enabled:SystemDocuments PolicyMS
"19165:TCP" = 19165:TCP:*:Enabled:SystemDocuments TempMobile
"25046:UDP" = 25046:UDP:*:Enabled:SystemDocuments ResourcesApp
"24271:TCP" = 24271:TCP:*:Enabled:SystemDocuments BuildProgram

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\unzipped\[2955]DSHobro04\Server.exe" = C:\unzipped\[2955]DSHobro04\Server.exe:*:Enabled:Server -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\Server.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\Server.exe:*:Enabled:Server -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\FrostWire\FrostWire.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\Server.exe" = C:\Documents and Settings\Mary Madison\Desktop\Server.exe:*:Enabled:Server -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\WINrar\Server.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\WINrar\Server.exe:*:Enabled:Server -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\Downloads\Server.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\Downloads\Server.exe:*:Enabled:Server -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\Downloads\FrostWire\FrostWire.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\Downloads\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Documents and Settings\Mary Madison\Desktop\ceejay\LimeWire\LimeWire.exe" = C:\Documents and Settings\Mary Madison\Desktop\ceejay\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1412817C-08CE-40B9-89CB-B98A75B9EB6C}" = Keyboard Designer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A862AD69-32E7-4666-90C7-08302E3E1033}" = Nero 7 Essentials
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CPLBonus" = Kels' CPL Bonus Pack!
"Defraggler" = Defraggler
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GodsWar Online_is1" = GodsWar Online
"IconTweaker" = IconTweaker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Rainlendar2" = Rainlendar2 (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Switch" = Switch Sound File Converter
"TaskSwitchXP" = TaskSwitchXP
"Unlocker" = Unlocker 1.8.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2009 9:08:07 PM | Computer Name = NONE-3CA533D0E6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/16/2009 9:08:07 PM | Computer Name = NONE-3CA533D0E6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/16/2009 9:08:07 PM | Computer Name = NONE-3CA533D0E6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/16/2009 9:08:07 PM | Computer Name = NONE-3CA533D0E6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/26/2009 8:02:41 PM | Computer Name = NONE-3CA533D0E6 | Source = Userenv | ID = 1082
Description = Windows cannot set the background refresh timer for Group Policy.
WaitForMultipleObjects (The handle is invalid. ). Group Policy processing aborted.


Error - 4/30/2009 1:02:56 AM | Computer Name = NONE-3CA533D0E6 | Source = Google Update | ID = 20
Description =

Error - 4/30/2009 2:02:53 AM | Computer Name = NONE-3CA533D0E6 | Source = Google Update | ID = 20
Description =

Error - 4/30/2009 3:02:55 AM | Computer Name = NONE-3CA533D0E6 | Source = Google Update | ID = 20
Description =

Error - 4/30/2009 4:08:00 AM | Computer Name = NONE-3CA533D0E6 | Source = Google Update | ID = 20
Description =

Error - 6/27/2009 4:53:41 AM | Computer Name = NONE-3CA533D0E6 | Source = Nokia Software Installer | ID = 1
Description =

[ System Events ]
Error - 10/26/2009 5:46:31 PM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 10/27/2009 1:59:04 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 10/27/2009 1:59:04 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 10/27/2009 1:59:04 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7023
Description = The Shell Storage service terminated with the following error: %%1114

Error - 10/27/2009 4:17:21 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 10/27/2009 4:17:21 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7023
Description = The Shell Storage service terminated with the following error: %%1114

Error - 10/27/2009 4:17:21 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 10/27/2009 6:24:44 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 10/27/2009 6:24:44 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7000
Description = The Nero Registry InCD Service service failed to start due to the
following error: %%2

Error - 10/27/2009 6:24:44 AM | Computer Name = NONE-3CA533D0E6 | Source = Service Control Manager | ID = 7023
Description = The Shell Storage service terminated with the following error: %%1114


< End of report >

#11 User is offline   Rorschach112 

  • Power Member
  • Group: Moderators
  • Posts: 972
  • Joined: 09-October 08

Posted 29 October 2009 - 12:10 PM

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.




Do you know what these are?

O4 - HKLM..\Run: [XP-F55003D1] C:\WINDOWS\System32\XP-F55003D1.EXE ()
O4 - Startup: C:\Documents and Settings\Mary Madison\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk = C:\WINDOWS\System32\XP-F55003D1.EXE ()


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2009/03/17 09:08:27 | 00,109,568 | R-S- | M] () -- C:\WINDOWS\System32\cgxeue.dll -- (winsvc [Auto | Stopped])
    MOD - [2009/10/27 18:23:04 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\cg852931.dll
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
    O27 - HKLM IFEO\notepad.exe: Debugger - C:\WINDOWS\system32\Notepad2.exe ()
    O33 - MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\Shell - "" = AutoRun
    O33 - MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\Shell - "" = AutoRun
    O33 - MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\Explore\command - "" = F:\
    O33 - MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\Shell - "" = AutoRun
    O33 - MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\Shell - "" = AutoRun
    O33 - MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\AutoRun\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\Explore\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\Shell\Open\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\AutoRun\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\Explore\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\Shell\Open\command - "" = F:\password_viewer.exe -- File not found
    O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\AutoRun\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\Explore\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\Shell\Open\command - "" = G:\password_viewer.exe -- File not found
    O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\AutoRun\command - "" = H:\password_viewer.exe -- File not found
    O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\Explore\command - "" = H:\password_viewer.exe -- File not found
    O33 - MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\Shell\Open\command - "" = H:\password_viewer.exe -- File not found
    NetSvcs: winsvc - C:\WINDOWS\System32\cgxeue.dll ()
    [2009/10/27 18:29:19 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\c852931.dl_
    [2009/10/27 18:28:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\c852931.dll
    [2009/10/27 18:24:02 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\x}852931.dl_
    [2009/10/27 18:23:32 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\qohkmp.sys
    [2009/10/27 18:23:28 | 00,000,692 | -HS- | M] () -- C:\WINDOWS\System32\og.dll
    [2009/10/27 18:23:27 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ad852931.dll
    [2009/10/27 18:23:27 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ad852931.dl_
    [2009/10/27 18:23:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\x}852931.dll
    [2009/10/27 18:23:20 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\aj852931.dll
    [2009/10/27 18:23:20 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\aj852931.dl_
    [2009/10/27 18:23:07 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\sb852931.dll
    [2009/10/27 18:23:07 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\sb852931.dl_
    [2009/10/27 18:23:04 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\cg852931.dll
    [2009/10/27 18:23:04 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\cg852931.dl_
    [2009/10/27 18:20:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\b~852931.dll
    [2009/10/27 18:20:21 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\b~852931.dl_
    [2009/10/27 18:19:07 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\a~852931.dll
    [2009/10/27 18:19:07 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\a~852931.dl_
    [2009/10/27 16:19:16 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\pv852931.dll
    [2009/10/27 16:19:16 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\pv852931.dl_
    [2009/10/26 22:55:54 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\tb852931.dll
    [2009/10/26 22:55:54 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\tb852931.dl_
    [2009/10/26 19:10:15 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\xz852931.dll
    [2009/10/26 19:10:15 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\xz852931.dl_
    [2009/10/25 10:21:23 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\s852931.dl_
    [2009/10/25 10:16:54 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\s852931.dll
    [2009/10/24 02:17:49 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ce852931.dll
    [2009/10/24 02:17:49 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ce852931.dl_
    [2009/10/22 16:14:26 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\rd852931.dll
    [2009/10/22 16:14:26 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\rd852931.dl_
    [2009/10/21 06:29:35 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\rs852931.dll
    [2009/10/21 06:29:35 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\rs852931.dl_
    [2009/10/21 06:29:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\js852931.dll
    [2009/10/21 06:29:21 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\js852931.dl_
    [2009/10/19 18:43:52 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\i~852931.dll
    [2009/10/19 18:43:52 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\i~852931.dl_
    [2009/10/18 08:41:59 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\hs852931.dll
    [2009/10/18 08:41:59 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\hs852931.dl_
    [2009/10/18 08:40:14 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\is852931.dl_
    [2009/10/18 08:38:57 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\is852931.dll
    [2009/10/15 07:24:28 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\gp852931.dll
    [2009/10/15 07:24:28 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\gp852931.dl_
    [2009/09/28 23:07:17 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ku461115.dll
    [2009/08/03 10:40:59 | 00,002,404 | -HS- | C] () -- C:\WINDOWS\System32\ul.dll
    [2009/08/03 10:40:59 | 00,000,692 | -HS- | C] () -- C:\WINDOWS\System32\og.dll
    [2009/05/21 20:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C177
    [2009/08/23 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mary Madison\Application Data\LimeWire
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


0
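The file entries in the fix script above share a pattern: an empty vendor field, identical sizes, and a common numeric token in the file name. The Python sketch below is an added example (not part of the original post and not OTL's own code) that parses that listing format and groups files by directory, size and extension; the regular expression is inferred from the lines quoted in the post, and the last sample line is constructed.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Listing lines in the format shown in the post above. All but the last are
# copied from that listing; the last one is constructed to show that a file
# carrying a vendor string is left out of the clustering.
SAMPLE_LISTING = r"""
[2009/10/27 18:29:19 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\c852931.dl_
[2009/10/27 18:28:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\c852931.dll
[2009/10/27 18:24:02 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\x}852931.dl_
[2009/10/27 18:23:32 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\qohkmp.sys
[2009/10/27 18:23:28 | 00,000,692 | -HS- | M] () -- C:\WINDOWS\System32\og.dll
[2009/10/27 18:23:27 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ad852931.dll
[2009/10/27 18:23:27 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ad852931.dl_
[2009/10/27 18:23:21 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\x}852931.dll
[2009/09/28 23:07:17 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ku461115.dll
[2009/05/21 20:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C177
[2008/04/14 08:00:00 | 00,081,920 | ---- | M] (Example Vendor) -- C:\WINDOWS\System32\example.dll
"""

# Assumed layout, inferred from the lines above:
# [date time | size | attributes | M or C] (vendor) -- path
# Directory entries carry no "(vendor)" field at all.
ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[MC])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        # ntpath handles Windows paths regardless of the analyst's own OS.
        directory, name = ntpath.split(m["path"])
        entries.append({
            "when": f'{m["date"]} {m["time"]}',
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "is_dir": "D" in m["attrs"],
            "vendor": (m["vendor"] or "").strip(),
            "directory": directory.lower(),
            "name": name,
        })
    return entries


def find_clusters(entries, min_members=3):
    """Group vendor-less files by (directory, size, extension).

    Several same-sized files with no vendor string in one directory are
    worth a closer look; the shared digit runs in their names are reported
    so related drops can be tied together.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["vendor"]:
            continue
        ext = ntpath.splitext(e["name"])[1].lower()
        groups[(e["directory"], e["size"], ext)].append(e["name"])

    report = {}
    for key, names in groups.items():
        if len(names) < min_members:
            continue
        tokens = Counter(t for n in names for t in re.findall(r"\d{5,}", n))
        report[key] = {"names": sorted(names), "tokens": dict(tokens)}
    return report


if __name__ == "__main__":
    for (directory, size, ext), info in find_clusters(
            parse_listing(SAMPLE_LISTING)).items():
        print(f"{directory} | {size} bytes | {ext} | {len(info['names'])} files")
        print("  names: ", ", ".join(info["names"]))
        print("  tokens:", info["tokens"])
```

A cluster is a triage lead, not a verdict: each flagged file still needs to be checked before it is added to a fix script.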

#12 User is offline   Carl :) 

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 03-October 09

Posted 29 October 2009 - 05:02 PM

As far as I know, my PC has never been used for online banking and such.
Here's the result of the "Run Fix":

All processes killed
========== OTL ==========
Service\Driver winsvc stopped successfully.
Service\Driver winsvc deleted successfully.
LoadLibrary failed for C:\WINDOWS\System32\cgxeue.dll
C:\WINDOWS\System32\cgxeue.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cgxeue.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\cg852931.dll
C:\WINDOWS\System32\cg852931.dll NOT unregistered.
C:\WINDOWS\System32\cg852931.dll moved successfully.
Releasing module C:\WINDOWS\system32\cg852931.dll
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\ deleted successfully.
C:\WINDOWS\System32\Notepad2.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03b75d70-2cf2-11de-ad28-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08224d00-1138-11de-acaf-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08224d00-1138-11de-acaf-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08224d00-1138-11de-acaf-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ not found.
File F:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349cf26a-7e7d-11de-ae38-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6003fa70-11e5-11de-acb4-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6003fa70-11e5-11de-acb4-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6003fa70-11e5-11de-acb4-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90203968-0ac3-11de-ac8d-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90203968-0ac3-11de-ac8d-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90203968-0ac3-11de-ac8d-000bcd1d7712}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebc-88d7-11de-ae54-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95fd2ebd-88d7-11de-ae54-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba2a374f-0a38-11de-ac89-000bcd1d7712}\ not found.
File F:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2f056ef-0996-11de-ac83-000bcd1d7712}\ not found.
File G:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ not found.
File H:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ not found.
File H:\password_viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9ccc57b-09f4-11de-ac87-000bcd1d7712}\ not found.
File H:\password_viewer.exe not found.
winsvc removed from NetSvcs value successfully!
LoadLibrary failed for C:\WINDOWS\System32\cgxeue.dll
C:\WINDOWS\System32\cgxeue.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cgxeue.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\c852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\c852931.dll
C:\WINDOWS\System32\c852931.dll NOT unregistered.
C:\WINDOWS\System32\c852931.dll moved successfully.
C:\WINDOWS\System32\x}852931.dl_ moved successfully.
C:\WINDOWS\System32\drivers\qohkmp.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\og.dll
C:\WINDOWS\System32\og.dll NOT unregistered.
C:\WINDOWS\System32\og.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ad852931.dll
C:\WINDOWS\System32\ad852931.dll NOT unregistered.
C:\WINDOWS\System32\ad852931.dll moved successfully.
C:\WINDOWS\System32\ad852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\x}852931.dll
C:\WINDOWS\System32\x}852931.dll NOT unregistered.
C:\WINDOWS\System32\x}852931.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\aj852931.dll
C:\WINDOWS\System32\aj852931.dll NOT unregistered.
C:\WINDOWS\System32\aj852931.dll moved successfully.
C:\WINDOWS\System32\aj852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sb852931.dll
C:\WINDOWS\System32\sb852931.dll NOT unregistered.
C:\WINDOWS\System32\sb852931.dll moved successfully.
C:\WINDOWS\System32\sb852931.dl_ moved successfully.
File C:\WINDOWS\System32\cg852931.dll not found.
C:\WINDOWS\System32\cg852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\b~852931.dll
C:\WINDOWS\system32\b~852931.dll NOT unregistered.
C:\WINDOWS\system32\b~852931.dll moved successfully.
C:\WINDOWS\system32\b~852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\a~852931.dll
C:\WINDOWS\system32\a~852931.dll NOT unregistered.
C:\WINDOWS\system32\a~852931.dll moved successfully.
C:\WINDOWS\system32\a~852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pv852931.dll
C:\WINDOWS\System32\pv852931.dll NOT unregistered.
C:\WINDOWS\System32\pv852931.dll moved successfully.
C:\WINDOWS\System32\pv852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tb852931.dll
C:\WINDOWS\System32\tb852931.dll NOT unregistered.
C:\WINDOWS\System32\tb852931.dll moved successfully.
C:\WINDOWS\System32\tb852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xz852931.dll
C:\WINDOWS\System32\xz852931.dll NOT unregistered.
C:\WINDOWS\System32\xz852931.dll moved successfully.
C:\WINDOWS\System32\xz852931.dl_ moved successfully.
C:\WINDOWS\System32\s852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\s852931.dll
C:\WINDOWS\System32\s852931.dll NOT unregistered.
C:\WINDOWS\System32\s852931.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ce852931.dll
C:\WINDOWS\System32\ce852931.dll NOT unregistered.
C:\WINDOWS\System32\ce852931.dll moved successfully.
C:\WINDOWS\System32\ce852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rd852931.dll
C:\WINDOWS\System32\rd852931.dll NOT unregistered.
C:\WINDOWS\System32\rd852931.dll moved successfully.
C:\WINDOWS\System32\rd852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rs852931.dll
C:\WINDOWS\System32\rs852931.dll NOT unregistered.
C:\WINDOWS\System32\rs852931.dll moved successfully.
C:\WINDOWS\System32\rs852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\js852931.dll
C:\WINDOWS\System32\js852931.dll NOT unregistered.
C:\WINDOWS\System32\js852931.dll moved successfully.
C:\WINDOWS\System32\js852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\i~852931.dll
C:\WINDOWS\system32\i~852931.dll NOT unregistered.
C:\WINDOWS\system32\i~852931.dll moved successfully.
C:\WINDOWS\system32\i~852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hs852931.dll
C:\WINDOWS\System32\hs852931.dll NOT unregistered.
C:\WINDOWS\System32\hs852931.dll moved successfully.
C:\WINDOWS\System32\hs852931.dl_ moved successfully.
C:\WINDOWS\System32\is852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\is852931.dll
C:\WINDOWS\System32\is852931.dll NOT unregistered.
C:\WINDOWS\System32\is852931.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gp852931.dll
C:\WINDOWS\System32\gp852931.dll NOT unregistered.
C:\WINDOWS\System32\gp852931.dll moved successfully.
C:\WINDOWS\System32\gp852931.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ku461115.dll
C:\WINDOWS\System32\ku461115.dll NOT unregistered.
C:\WINDOWS\System32\ku461115.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ul.dll
C:\WINDOWS\System32\ul.dll NOT unregistered.
C:\WINDOWS\System32\ul.dll moved successfully.
File C:\WINDOWS\System32\og.dll not found.
C:\Documents and Settings\All Users\Application Data\1C177 moved successfully.
C:\Documents and Settings\Mary Madison\Application Data\LimeWire moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Mary Madison
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\com.run scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\dp1.fne scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\eAPI.fne scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\internet.fne scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\krnln.fnr scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\shell.fne scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~23115ff.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~2ec2f9c.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~32aae3c.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~368d48a.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3a75d61.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3e5a180.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3e5ab50.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~f93710.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temp\~f972e0.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 3343607 bytes
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 523154 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 92689064 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 18638949 bytes
->Opera cache emptied: 127543 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 48410 bytes

Total Files Cleaned = 110.09 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10302009_005617

Files\Folders moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\cgxeue.dll
C:\WINDOWS\System32\cgxeue.dll NOT unregistered.
C:\WINDOWS\System32\cgxeue.dll moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\com.run moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\dp1.fne moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\eAPI.fne moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\internet.fne moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\krnln.fnr moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Temp\E_4\shell.fne moved successfully.
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~23115ff.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~2ec2f9c.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~32aae3c.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~368d48a.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3a75d61.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3e5a180.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~3e5ab50.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~f93710.tmp not found!
File\Folder C:\Documents and Settings\Mary Madison\Local Settings\Temp\~f972e0.tmp not found!
C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mary Madison\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a58qr10.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

#13 Carl :)

Posted 29 October 2009 - 05:05 PM

Here's the MGA Diagnostic Report:

Thanks for all this help you're giving me :)



Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3

Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 76487-640-8365391-23235
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {3CC93658-B399-473F-8B21-71DE804D3704}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512]
File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5512]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3CC93658-B399-473F-8B21-71DE804D3704}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>76487-640-8365391-23235</PID><PIDType>1</PIDType><SID>S-1-5-21-583907252-1343024091-1606980848</SID><SYSTEM><Manufacturer>Compaq</Manufacturer><Model>Evo D510 SFF</Model></SYSTEM><BIOS><Manufacturer>Compaq</Manufacturer><Version>686O2 v2.14</Version><SMBIOSVersion major="2" minor="3"/><Date>20020815000000.000000+000</Date></BIOS><HWID>08743E4F01842042</HWID><UserLCID>3409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Taipei Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57020</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 674A:Compaq Computer Corporation|10EA9:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#14 Rorschach112

Posted 29 October 2009 - 07:32 PM

You have a pirated Windows. Due to legal and ethical reasons we are unable to help people with pirated software.

Microsoft has a program for people who unknowingly receive counterfeit software:

Quote

Q: What are the details of the genuine Windows offer?

A: To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.
* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP directly from Microsoft for a special on-line purchase price. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.


#15 Carl :)

Posted 30 October 2009 - 04:13 AM

really? my OS is pirated? after all this trouble? well, might as well save up for a new PC or Mac.

thank you very much for helping me out, Rorschach112!!
