
Trojan Infection Agent2.bhg


  • This topic is locked
15 replies to this topic

#1 shalei

shalei

  • Members
  • 7 posts
  • Local time:02:50 PM

Posted 29 March 2009 - 07:41 PM

My computer was infected with a Trojan Agent2.bhg. A file was downloaded to my computer and as soon as it opened AVG anti-virus popped up an alert that an infection took place and 3 files were infected. AVG was unable to heal, but placed the Trojan horse into the virus vault. The path to this file is listed as C:\RECYCLER\S-1-5-21-3776501660-429245384-3995787351-1006\Dc6.zip.

I then ran Malwarebytes’ Anti-Malware; this resulted in a few more issues, which it fixed. Here is the log from that:

Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3

3/29/2009 5:06:33 PM
mbam-log-2009-03-29 (17-06-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231809
Time elapsed: 1 hour(s), 33 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\setupxv.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> No action taken.


I have not done anything else to try to fix the problem, as I feel that I’m in over my head. I am concerned that this infection is still lurking around, but my computer is not acting differently at the moment. A second scan with Malwarebytes came up clean. Thanks for any advice you can give.

Here is the DDS report:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:58:46.62 on Sun 03/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1209 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.laptop\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Registry_Cleaner_ProMFCT] c:\program files\registry_cleaner_pro\Registry_Cleaner_Pro.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] rem c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\realte~1.lnk - c:\program files\realtek rtl8187 wireless lan driver and utility\RtWLan.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {DEEE7899-EA7B-454E-829B-9C460B602721} = 10.7.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.lap\applic~1\mozilla\firefox\profiles\oleprncg.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.laptop\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-18 27656]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-7-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-7-18 91672]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-27 298264]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-21 266240]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-16 38496]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-18 18560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4d.tmp --> c:\windows\system32\4D.tmp [?]

=============== Created Last 30 ================

2009-03-28 22:12 5,376 a------- c:\windows\system32\drivers\MS1000.sys
2009-03-28 22:12 <DIR> --d----- c:\program files\The Cleaner Demo
2009-03-28 22:04 <DIR> --d----- c:\program files\Registry_Cleaner_Pro
2009-03-28 21:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2009-03-28 21:16 <DIR> --d----- c:\docume~1\owner~1.lap\applic~1\Creative Memories
2009-03-28 21:08 <DIR> --d----- c:\program files\Creative Memories
2009-03-25 16:09 <DIR> --d----- c:\program files\iTunes
2009-03-25 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 16:07 <DIR> --d----- c:\program files\Bonjour
2009-03-25 16:04 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-22 16:13 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJScan
2009-03-21 17:23 266,240 a------- c:\windows\system32\CSHelper.exe
2009-03-21 17:23 225,280 a------- c:\windows\system32\CSInstru.DLL
2009-03-18 18:31 <DIR> --d----- c:\program files\Passcape
2009-03-18 15:41 <DIR> --d----- c:\program files\Opera 10 Preview
2009-03-14 19:25 <DIR> --dsh--- C:\found.000
2009-03-02 19:34 <DIR> --d----- c:\docume~1\owner~1.lap\applic~1\MSNInstaller

==================== Find3M ====================

2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-02 19:21 87,608 a------- c:\docume~1\owner~1.lap\applic~1\inst.exe
2009-03-02 19:21 47,360 a------- c:\docume~1\owner~1.lap\applic~1\pcouffin.sys
2009-03-02 11:29 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-02 11:29 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-08-28 21:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 18:59:58.68 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:50 PM

Posted 07 April 2009 - 01:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 shalei

shalei
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:50 PM

Posted 09 April 2009 - 06:28 PM

I have not done anything new regarding the trojan since my last post; I just want to know if it is still there. Thanks.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:12:20.70 on Thu 04/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1101 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
svchost.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.laptop\Local Settings\Temp\ArcUpdater\ArcDU.ac
C:\Documents and Settings\Owner.laptop\Local Settings\Temp\ArcUpdater\ConnectSilent_46.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Documents and Settings\Owner.laptop\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Registry_Cleaner_ProMFCT] c:\program files\registry_cleaner_pro\Registry_Cleaner_Pro.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] rem c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\owner~1.lap\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photofunstudio -viewer-.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\realte~1.lnk - c:\program files\realtek rtl8187 wireless lan driver and utility\RtWLan.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {DEEE7899-EA7B-454E-829B-9C460B602721} = 10.7.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.lap\applic~1\mozilla\firefox\profiles\oleprncg.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.laptop\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-30 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-18 27656]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-3-29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-27 298264]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-21 266240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-3-29 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-18 18560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4d.tmp --> c:\windows\system32\4D.tmp [?]

=============== Created Last 30 ================

2009-04-09 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ArcSoft
2009-04-06 19:05 <DIR> --d----- c:\docume~1\owner~1.lap\applic~1\Southwest Airlines
2009-04-06 19:05 <DIR> --d----- c:\program files\Southwest Airlines
2009-04-02 12:56 26 a------- C:\UpdaterforApp.ini
2009-04-02 12:52 126,976 a------- c:\windows\system32\MediaImpression Slideshow.scr
2009-04-02 12:52 <DIR> --d----- c:\windows\system32\MediaImpression Slideshow
2009-04-02 12:49 45,056 a------- c:\windows\system32\PhDi2.sys
2009-04-01 19:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Caspedia
2009-03-30 20:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-30 14:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-30 14:44 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-29 22:11 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-03-29 22:11 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-03-28 22:12 5,376 a------- c:\windows\system32\drivers\MS1000.sys
2009-03-28 22:12 <DIR> --d----- c:\program files\The Cleaner Demo
2009-03-28 22:04 <DIR> --d----- c:\program files\Registry_Cleaner_Pro
2009-03-28 21:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2009-03-28 21:16 <DIR> --d----- c:\docume~1\owner~1.lap\applic~1\Creative Memories
2009-03-28 21:08 <DIR> --d----- c:\program files\Creative Memories
2009-03-25 16:09 <DIR> --d----- c:\program files\iTunes
2009-03-25 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 16:07 <DIR> --d----- c:\program files\Bonjour
2009-03-25 16:04 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-22 16:13 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\CanonIJScan
2009-03-21 17:23 266,240 a------- c:\windows\system32\CSHelper.exe
2009-03-21 17:23 225,280 a------- c:\windows\system32\CSInstru.DLL
2009-03-18 18:31 <DIR> --d----- c:\program files\Passcape
2009-03-18 15:41 <DIR> --d----- c:\program files\Opera 10 Preview
2009-03-14 19:25 <DIR> --dsh--- C:\found.000

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-02 19:21 87,608 a------- c:\docume~1\owner~1.lap\applic~1\inst.exe
2009-03-02 19:21 47,360 a------- c:\docume~1\owner~1.lap\applic~1\pcouffin.sys
2009-03-02 11:29 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-02 11:29 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-08-28 21:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 18:13:35.66 ===============

#4 extremeboy

Posted 10 April 2009 - 02:04 PM

Hello.

Let's do the following. I need some more information regarding this flash-drive worm...

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please update MBAM and then read this thread and rescan again using only the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Even if you have removed it, please still do a quick-scan and post back with the log.

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

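A small checker for the situation described in the post above (a saved MBAM log whose items read "No action taken"), added here as an example; it is not part of the original thread or of Malwarebytes' own tooling. The section names and status strings are the ones that appear in this thread; the item-line layout (`object (detection) -> action.`) and the sample paths and detection names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the logs posted in this thread.
# The item lines (object, detection name, "-> action") use an assumed format
# with made-up paths and names; they are not taken from the user's log.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.35
Database version: 1916

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231809

Memory Processes Infected: 0
Registry Data Items Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Key\Value (Example.Hijack) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\example\sample1.exe (Example.Trojan) -> No action taken.
C:\example\sample2.dll (Example.Trojan) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
EMPTY_MARKER = "(No malicious items detected)"
REMOVED = "Quarantined and deleted successfully"
NOT_REMOVED = "No action taken"


def parse_mbam_log(text):
    """Return (summary counts, itemised entries) keyed by section name."""
    counts = {}
    items = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        summary = SUMMARY_RE.match(line)
        if summary:  # e.g. "Files Infected: 2"
            counts[summary["section"]] = int(summary["count"])
            current = None
            continue
        header = HEADER_RE.match(line)
        if header:  # e.g. "Files Infected:" opening the itemised list
            current = header["section"]
            continue
        if current is None or line == EMPTY_MARKER or " -> " not in line:
            continue
        # The action is whatever follows the last "->" on the line.
        obj, _, action = line.rpartition(" -> ")
        items[current].append((obj, action.rstrip(".")))
    return counts, dict(items)


def review(text):
    """Report items that were detected but not removed, plus inconsistencies."""
    counts, items = parse_mbam_log(text)
    pending, unrecognised = [], []
    for section, entries in items.items():
        for obj, action in entries:
            if action == NOT_REMOVED:
                pending.append((section, obj))
            elif action != REMOVED:
                unrecognised.append((section, obj, action))
    # A summary count that disagrees with the itemised list suggests a
    # truncated or edited paste.
    mismatch = sorted(s for s, n in counts.items() if n != len(items.get(s, [])))
    return {
        "pending": pending,
        "unrecognised": unrecognised,
        "count_mismatch": mismatch,
        "removal_incomplete": bool(pending or unrecognised),
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for section, obj in result["pending"]:
        print(f"[{section}] not removed: {obj}")
    print("rescan and remove needed:", result["removal_incomplete"])
```
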

#5 shalei

Posted 10 April 2009 - 10:09 PM

I must have done something wrong when I posted my first Malwarebytes log; maybe I posted it before it healed. On my saved log it now says "Quarantined and deleted successfully" everywhere where it had previously said no action taken. Thanks for taking time to help me. Here are the log files from the new scans:

Malwarebytes' Anti-Malware 1.36
Database version: 1964
Windows 5.1.2600 Service Pack 3

4/10/2009 9:48:47 PM
mbam-log-2009-04-10 (21-48-47).txt

Scan type: Quick Scan
Objects scanned: 80961
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------

OTListIt logfile created on: 4/10/2009 9:57:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Owner.laptop\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 61.97% Memory free
3.72 Gb Paging File | 3.18 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 39.42 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.81% Space Free | Partition Type: FAT32
Drive E: | 7.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/03/02 11:29:59 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2008/06/10 01:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2005/08/05 22:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/05/19 15:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
PRC - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2005/12/27 13:20:14 | 00,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2009/03/02 11:29:53 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/10/31 07:24:26 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2007/05/21 03:37:36 | 00,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/21 18:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/17 14:14:00 | 00,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/11/16 14:43:16 | 00,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/06 15:32:44 | 01,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - File not found -- -- (AcrSch2Svc [Disabled | Stopped])
SRV - [2007/05/03 20:47:58 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service [Auto | Running])
SRV - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 13:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/05/21 18:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
SRV - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
SRV - [2005/11/12 00:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe -- (WPSScannerSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/04 09:51:18 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/06/19 02:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/12/26 15:43:12 | 00,035,144 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/04/05 00:58:44 | 01,536,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/03/02 11:29:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/02 11:29:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2005/11/02 17:24:24 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/26 15:43:08 | 00,015,440 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2006/12/13 18:41:48 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2008/11/25 13:39:04 | 00,018,560 | ---- | M] (LeapFrog) -- C:\WINDOWS\system32\DRIVERS\FlyUsb.sys -- (FlyUsb [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\MS1000.sys -- (MS1000 [On_Demand | Stopped])
DRV - [2007/01/06 21:29:05 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/04/28 21:03:53 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2008/05/16 07:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2005/03/15 04:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/16 07:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2008/10/31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw [System | Running])
DRV - [2008/06/21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys -- (SBFWIMCL [On_Demand | Running])
DRV - [2008/06/21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2006/05/23 22:30:06 | 00,893,952 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/06/15 18:28:04 | 01,179,784 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/05/19 15:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/21 03:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2007/01/03 13:53:48 | 00,012,416 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\system32\DRIVERS\wpsnuio.sys -- (Wpsnuio [On_Demand | Running])
DRV - [2006/05/23 10:56:00 | 00,245,248 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
DRV - [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6453


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.9
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:0.9.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: statsclicker@codewolf:1.6
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: decaps@challenger.edu:1.6
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a99}:3.0.4
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.69
FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.5.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.0
FF - prefs.js..extensions.enabledItems: {41a40cb1-aa9e-47c6-a207-66b9f5875870}:0.2.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.5.2008112201
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.0
FF - prefs.js..extensions.enabledItems: termblaster@forizon.com:2.0.5
FF - prefs.js..extensions.enabledItems: {283f22a5-7fd7-4714-a764-693b69dc76e9}:1.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/02 11:30:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 16:07:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/06 12:51:16 | 00,000,000 | ---D | M]

[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions
[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 20:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions
[2009/03/09 12:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2009/03/05 15:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{283f22a5-7fd7-4714-a764-693b69dc76e9}
[2009/02/26 22:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{41a40cb1-aa9e-47c6-a207-66b9f5875870}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/02/26 21:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/03/02 11:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/03/05 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/05 20:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/02/26 22:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\add-to-searchbox@maltekraus.de
[2009/02/25 21:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\chachaguidebar@chacha.com
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\decaps@challenger.edu
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\statsclicker@codewolf
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\taboo@runningfrombears.com
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\termblaster@forizon.com
[2009/03/05 19:59:04 | 00,000,960 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Application Data\Mozilla\FireFox\Profiles\oleprncg.default\searchplugins\chacha-search.xml
[2009/02/25 20:04:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/09 20:46:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 20:46:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/09 20:46:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 18:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 18:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 18:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 18:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 18:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 18:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 18:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {9B393B85-708D-4E61-9529-2FA61D4A4904} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] rem C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006..\Run: [Registry_Cleaner_ProMFCT] C:\Program Files\Registry_Cleaner_Pro\Registry_Cleaner_Pro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2007/01/12 13:06:23 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..Trusted Domains: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{DEEE7899-EA7B-454E-829B-9C460B602721}\\NameServer = 10.7.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 21:30:04 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2009/04/10 21:54:30 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:30:04 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/10 21:21:00 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 10:12:22 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/09 21:23:33 | 00,000,000 | ---D | C] -- C:\scrap books
[2009/04/09 21:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\girlssb
[2009/04/09 18:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/04/09 14:05:54 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/08 15:21:05 | 00,138,156 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/06 19:05:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Southwest Airlines
[2009/04/06 19:05:10 | 00,001,807 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Southwest Airlines
[2009/04/06 19:00:20 | 06,599,680 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/02 19:51:00 | 00,020,492 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Panasonic
[2009/04/02 12:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\ArcSoft
[2009/04/02 12:56:47 | 00,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2009/04/02 12:52:53 | 00,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MediaImpression Slideshow.scr
[2009/04/02 12:52:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MediaImpression Slideshow
[2009/04/02 12:50:23 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/02 12:50:13 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2009/04/02 12:50:13 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2009/04/02 12:50:13 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2009/04/02 12:50:13 | 00,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/02 12:50:13 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2009/04/02 12:50:13 | 00,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/02 12:50:13 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/04/02 12:50:13 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/02 12:50:12 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicMgr.dll
[2009/04/02 12:50:12 | 00,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/02 12:50:12 | 00,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/02 12:50:12 | 00,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/02 12:50:12 | 00,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/02 12:50:12 | 00,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/02 12:50:12 | 00,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/02 12:50:12 | 00,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2009/04/02 12:50:12 | 00,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2009/04/02 12:50:12 | 00,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2009/04/02 12:50:12 | 00,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/02 12:49:49 | 00,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\PhDi2.sys
[2009/04/02 12:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2009/04/01 19:44:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams 1st
[2009/04/01 19:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Caspedia
[2009/04/01 19:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams
[2009/03/30 20:45:08 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/30 14:51:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:49:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/30 14:49:22 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/30 14:44:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/30 14:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/30 14:30:19 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:19:03 | 15,403,200 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/29 22:11:43 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009/03/29 22:11:43 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009/03/29 18:50:50 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:38 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/28 22:12:28 | 00,000,000 | ---D | C] -- C:\Program Files\The Cleaner Demo
[2009/03/28 22:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\Registry_Cleaner_Pro
[2009/03/28 21:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Creative Memories
[2009/03/28 21:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Memories
[2009/03/28 21:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\Creative Memories
[2009/03/28 21:16:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Creative Memories
[2009/03/28 21:08:25 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Memories
[2009/03/28 21:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Downloaded Installations
[2009/03/27 21:12:15 | 00,108,704 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:09:57 | 00,264,350 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:04:01 | 00,195,470 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 08:53:45 | 00,000,000 | ---D | C] -- C:\Program Files\Aspell
[2009/03/25 21:21:00 | 00,058,038 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:21:07 | 00,024,206 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/25 16:09:50 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/25 16:07:57 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/25 16:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/23 18:11:46 | 00,034,380 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/22 16:13:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/03/21 19:22:47 | 00,073,278 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 18:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Passcape
[2009/03/18 15:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Opera 10 Preview
[2009/03/15 14:34:38 | 00,103,936 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\inviteinsidetest.doc
[2009/03/15 14:27:21 | 00,083,054 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pcclip.jpg
[2009/03/15 14:24:59 | 00,056,936 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\biggercat.jpg
[2009/03/15 14:23:30 | 00,012,388 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\1003.jpg
[2009/03/15 14:23:02 | 00,003,071 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pc.jpeg
[2009/03/15 14:21:30 | 00,042,348 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\t255457841_41697_2.gif
[2009/03/15 14:14:05 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\invitefronttest.doc
[2009/03/15 14:11:14 | 00,102,664 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pskat1 copysmall.jpg
[2009/03/15 14:08:41 | 00,030,208 | -HS- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Thumbs.db
[2009/03/14 19:25:11 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/12/18 22:54:47 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2008/05/22 16:51:39 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2007/12/25 15:11:11 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2007/10/01 15:46:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/10/01 15:43:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/07/25 22:30:58 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/25 00:44:51 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/03 18:17:47 | 00,000,112 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007/02/26 19:22:45 | 00,010,084 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/02/19 17:41:57 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/01/01 20:18:08 | 00,004,568 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/21 16:10:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/20 16:49:04 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/04 10:13:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/04 10:13:13 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/04 10:03:13 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/04 09:43:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 04:48:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 00,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:30 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/17 04:23:29 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:40:57 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/10 21:38:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/10 21:38:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 21:38:38 | 20,112,79360 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/10 21:37:35 | 33,381,016 | -H-- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\IconCache.db
[2009/04/10 21:21:01 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 13:32:50 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/10 13:32:44 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/10 09:43:55 | 35,024,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/10 09:43:55 | 00,092,926 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/09 16:30:01 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\Advanced WindowsCare V2 Pro.job
[2009/04/08 15:21:06 | 00,138,156 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/08 12:59:46 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Disney ideas.doc
[2009/04/07 20:59:01 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/06 19:05:10 | 00,001,807 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:03:46 | 06,599,680 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 14:49:53 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/02 19:51:00 | 00,020,492 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:14:31 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 13:02:04 | 00,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/02 12:56:47 | 00,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2009/04/02 12:50:23 | 00,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/01 21:16:02 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/30 17:16:09 | 00,004,568 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/30 14:58:58 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:43:18 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:27:14 | 15,403,200 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/30 12:37:28 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/30 12:37:28 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/30 12:37:27 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 18:50:51 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:39 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/27 21:12:15 | 00,108,704 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:10:00 | 00,264,350 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:09:50 | 00,195,470 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 20:44:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 21:21:01 | 00,058,038 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:41:26 | 00,024,206 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/23 18:11:46 | 00,034,380 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/21 19:22:47 | 00,073,278 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 15:41:46 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\new opera.lnk
[2009/03/15 17:30:29 | 00,103,936 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\inviteinsidetest.doc
[2009/03/15 14:28:38 | 00,030,208 | -HS- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Thumbs.db
[2009/03/15 14:27:23 | 00,083,054 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pcclip.jpg
[2009/03/15 14:24:59 | 00,056,936 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\biggercat.jpg
[2009/03/15 14:23:30 | 00,012,388 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\1003.jpg
[2009/03/15 14:23:02 | 00,003,071 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pc.jpeg
[2009/03/15 14:21:30 | 00,042,348 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\t255457841_41697_2.gif
[2009/03/15 14:14:05 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\invitefronttest.doc
[2009/03/15 14:11:18 | 00,102,664 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pskat1 copysmall.jpg
< End of report >


---------------------------------------


OTListIt Extras logfile created on: 4/10/2009 9:57:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Owner.laptop\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 61.97% Memory free
3.72 Gb Paging File | 3.18 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 39.42 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.81% Space Free | Partition Type: FAT32
Drive E: | 7.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera 10 Preview\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/10/14 17:33:08 | 00,012,888 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
[2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1162651741\EE\AOLServiceHost.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI
[2008/11/13 23:07:44 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2009/03/02 11:22:33 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C0CB1D-FF49-43F1-ADC5-65F05DB7BDD1}" = ATI Catalyst Control Center
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F85A4D-03CC-428A-80A4-880228646518}" = Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{423CF09F-11C9-410E-9B1A-31E087CED383}" = Opera 10.00
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{8D9D8304-5241-41EB-BC97-D78E094323B7}_is1" = CDBurnerXP
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9EAB794B-ABC6-4261-821F-326B6CA87AFD}" = LeapFrog Tag Plugin
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BDFE199D-E889-4BB6-BECB-C4BDF5700849}" = Documents To Go
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF055C57-A988-42E6-BDAF-E3D94C6973A8}" = LeapFrog Connect
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ABC Amber Text2Image Converter" = ABC Amber Text2Image Converter
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced WindowsCare V2 Pro_is1" = Advanced WindowsCare 2.40 Professional
"aignesamdeadlink_is1" = AM-DeadLink 3.1
"All ATI Software" = ATI - Software Uninstall Utility
"allTunes" = allTunes
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AnyDVD" = AnyDVD
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"AVS Audio Editor_is1" = AVS Audio Editor version 3.5
"BigFix" = BigFix
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exsate DV Capture Live_is1" = Exsate DV Capture Live
"GNU Aspell_is1" = GNU Aspell 0.50-3
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera" = Opera
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"RealPlayer 6.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skyhook Wireless Wi-Fi Service" = Skyhook Wireless Wi-Fi Service
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Stanza" = Stanza
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Requirements Lab" = System Requirements Lab
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OPR" = Opera Password Recovery

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OPR" = Opera Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2009 12:40:21 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 3/19/2009 1:18:20 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 3/19/2009 5:08:28 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 3/27/2009 12:40:55 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 3/28/2009 4:12:15 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 3/30/2009 3:44:53 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/31/2009 11:48:57 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 4/2/2009 2:00:23 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: QuickTime -- A newer version of QuickTime is already installed.
This installation cannot proceed while the newer version of QuickTime is installed.

Error - 4/2/2009 7:02:29 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.64.10487.0, faulting module
opera.dll, version 9.64.10487.0, fault address 0x0018a892.

Error - 4/4/2009 7:44:10 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.64.10487.0, faulting module
unknown, version 0.0.0.0, fault address 0x01c17300.

[ System Events ]
Error - 3/14/2009 8:28:29 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0014A5D0BDC7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/15/2009 2:56:54 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.108 for the Network Card with network
address 0014A5D0BDC7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/29/2009 6:09:40 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/29/2009 6:52:59 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/29/2009 6:52:59 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/1/2009 7:13:40 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/1/2009 7:13:40 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/9/2009 1:39:38 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/9/2009 1:39:53 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 4/9/2009 1:39:53 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053


< End of report >

#6 extremeboy

  • Malware Response Team

Posted 11 April 2009 - 08:53 AM

Hello.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.


Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.


Run Script with OTListIT2

We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTLI
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {9B393B85-708D-4E61-9529-2FA61D4A4904} - Reg Error: Key error. File not found
    :Files
    C:\RECYCLER
    D:\RECYCLER
    D:\Autorun.inf 
    :commands
    [EmptyTemp]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Please run flash-drive disinfector again and plug in any removable drives if you haven't already. Exit the program once it's done.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Post back with:
-OTListIT fix log
-New OTListIT scan log

Your log looks okay so what seems to be the problem?

With Regards,
Extremeboy
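The fix script in the post above lists the same toolbar CLSID under both HKU\.DEFAULT and HKU\S-1-5-18, which on Windows are two names for the LocalSystem account's hive. The Python below is an added example, not part of the original post and not OTListIt2's own code: it parses the posted script into its sections, normalizes the hive names, and reports entries that point at the same registry value. The function names and the RID classification (which goes slightly beyond the script by also recognising the built-in accounts) are this example's own.

```python
import re
from collections import defaultdict

# Fix script as posted in the thread above.
FIX_SCRIPT = r"""
:OTLI
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..\Toolbar\WebBrowser: (no name) - {9B393B85-708D-4E61-9529-2FA61D4A4904} - Reg Error: Key error. File not found
:Files
C:\RECYCLER
D:\RECYCLER
D:\Autorun.inf
:commands
[EmptyTemp]
[Reboot]
"""

# One O3 (Internet Explorer toolbar) line: hive under HKEY_USERS, then the CLSID.
O3_RE = re.compile(
    r"^O3 - HKU\\(?P<hive>[^\\]+)\\\.\.\\Toolbar\\WebBrowser: .*? - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
)


def parse_sections(script):
    """Split the script into {section name: [lines]}; headers start with ':'."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def normalize_hive(hive):
    """HKU\\.DEFAULT is the LocalSystem profile, i.e. the same hive as S-1-5-18."""
    return "S-1-5-18" if hive.upper() == ".DEFAULT" else hive.upper()


def classify_sid(sid):
    """Name the account type behind a SID using well-known values and RIDs."""
    if sid == "S-1-5-18":
        return "LocalSystem"
    match = re.fullmatch(r"S-1-5-21(?:-\d+){3}-(\d+)", sid)
    if not match:
        return "other"
    rid = int(match.group(1))
    if rid == 500:
        return "built-in Administrator"
    if rid == 501:
        return "built-in Guest"
    return "user account" if rid >= 1000 else "other built-in"


def parse_o3(lines):
    """Return one dict per O3 line: hive as written, normalized SID, CLSID."""
    entries = []
    for line in lines:
        match = O3_RE.match(line)
        if match:
            entries.append({
                "hive": match.group("hive"),
                "sid": normalize_hive(match.group("hive")),
                "clsid": match.group("clsid").upper(),
            })
    return entries


def duplicate_targets(entries):
    """Group entries by (SID, CLSID); keep groups hit by more than one line."""
    groups = defaultdict(list)
    for entry in entries:
        groups[(entry["sid"], entry["clsid"])].append(entry["hive"])
    return {key: hives for key, hives in groups.items() if len(hives) > 1}


if __name__ == "__main__":
    sections = parse_sections(FIX_SCRIPT)
    entries = parse_o3(sections["otli"])
    for entry in entries:
        print(entry["hive"], "->", entry["sid"], classify_sid(entry["sid"]), entry["clsid"])
    for (sid, clsid), hives in duplicate_targets(entries).items():
        print("same value listed twice:", clsid, "via", " and ".join(hives))
    print("paths to move:", sections["files"])
```

When two lines resolve to the same value, a fix log that reports the first as deleted and the second as "not found" is the expected outcome rather than a failed removal.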

#7 shalei

  • Topic Starter

Posted 11 April 2009 - 07:27 PM

Nothing seems wrong with my computer. After I got infected with the worm I was worried that it was still hiding somewhere. I guess I didn't know if I could trust Malwarebytes when it found nothing wrong after the initial fix.


========== OTLISTIT ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9B393B85-708D-4E61-9529-2FA61D4A4904} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B393B85-708D-4E61-9529-2FA61D4A4904}\ not found.
========== FILES ==========
C:\RECYCLER\S-1-5-21-3776501660-429245384-3995787351-1006 moved successfully.
C:\RECYCLER\S-1-5-21-1413345872-347290299-3605980039-500 moved successfully.
C:\RECYCLER moved successfully.
File/Folder D:\RECYCLER not found.
D:\Autorun.inf moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Temporary Internet Files\Content.IE5\3Z6ONQBN\info-awc[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\364 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.12.2 log created on 04112009_185132

Files moved on Reboot...
C:\Documents and Settings\Owner.laptop\Local Settings\Temporary Internet Files\Content.IE5\3Z6ONQBN\info-awc[1].htm moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\364 not found!
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0007\wb.vx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------


OTListIt logfile created on: 4/11/2009 7:17:23 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Owner.laptop\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 63.32% Memory free
3.72 Gb Paging File | 3.20 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 39.28 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.81% Space Free | Partition Type: FAT32
Drive E: | 7.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/03/02 11:29:59 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2009/04/11 19:12:40 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
PRC - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/10/31 07:24:26 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2005/08/05 22:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/05/19 15:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/27 13:20:14 | 00,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2009/03/02 11:29:53 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/05/21 03:37:36 | 00,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/21 18:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/17 14:14:00 | 00,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/11/16 14:43:16 | 00,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2006/06/22 14:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/11 19:12:41 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/11 19:12:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - File not found -- -- (AcrSch2Svc [Disabled | Stopped])
SRV - [2007/05/03 20:47:58 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service [Auto | Running])
SRV - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 13:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/05/21 18:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
SRV - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
SRV - [2005/11/12 00:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe -- (WPSScannerSvc [Auto | Running])
SRV - [2009/04/11 19:12:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/04 09:51:18 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/06/19 02:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/12/26 15:43:12 | 00,035,144 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/04/05 00:58:44 | 01,536,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/03/02 11:29:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/02 11:29:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2005/11/02 17:24:24 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/26 15:43:08 | 00,015,440 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2006/12/13 18:41:48 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2008/11/25 13:39:04 | 00,018,560 | ---- | M] (LeapFrog) -- C:\WINDOWS\system32\DRIVERS\FlyUsb.sys -- (FlyUsb [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\MS1000.sys -- (MS1000 [On_Demand | Stopped])
DRV - [2007/01/06 21:29:05 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/04/28 21:03:53 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2008/05/16 07:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2005/03/15 04:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/16 07:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2008/10/31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw [System | Running])
DRV - [2008/06/21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys -- (SBFWIMCL [On_Demand | Running])
DRV - [2008/06/21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2006/05/23 22:30:06 | 00,893,952 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/06/15 18:28:04 | 01,179,784 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/05/19 15:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/21 03:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2007/01/03 13:53:48 | 00,012,416 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\system32\DRIVERS\wpsnuio.sys -- (Wpsnuio [On_Demand | Running])
DRV - [2006/05/23 10:56:00 | 00,245,248 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6453


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.9
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:0.9.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: statsclicker@codewolf:1.6
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: decaps@challenger.edu:1.6
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a99}:3.0.4
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.69
FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.5.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.0
FF - prefs.js..extensions.enabledItems: {41a40cb1-aa9e-47c6-a207-66b9f5875870}:0.2.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.5.2008112201
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.0
FF - prefs.js..extensions.enabledItems: termblaster@forizon.com:2.0.5
FF - prefs.js..extensions.enabledItems: {283f22a5-7fd7-4714-a764-693b69dc76e9}:1.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/02 11:30:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/11 19:12:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 16:07:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/11 19:13:03 | 00,000,000 | ---D | M]

[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions
[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 20:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions
[2009/03/09 12:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2009/03/05 15:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{283f22a5-7fd7-4714-a764-693b69dc76e9}
[2009/02/26 22:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{41a40cb1-aa9e-47c6-a207-66b9f5875870}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/02/26 21:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/03/02 11:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/03/05 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/05 20:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/02/26 22:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\add-to-searchbox@maltekraus.de
[2009/02/25 21:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\chachaguidebar@chacha.com
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\decaps@challenger.edu
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\statsclicker@codewolf
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\taboo@runningfrombears.com
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\termblaster@forizon.com
[2009/03/05 19:59:04 | 00,000,960 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Application Data\Mozilla\FireFox\Profiles\oleprncg.default\searchplugins\chacha-search.xml
[2009/04/11 19:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/09 20:46:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/11 19:13:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/09 20:46:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/09 20:46:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 18:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 18:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 18:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 18:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 18:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 18:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 18:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] rem C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006..\Run: [Registry_Cleaner_ProMFCT] C:\Program Files\Registry_Cleaner_Pro\Registry_Cleaner_Pro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2007/01/12 13:06:23 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3776501660-429245384-3995787351-1006\..Trusted Domains: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{DEEE7899-EA7B-454E-829B-9C460B602721}\\NameServer = 10.7.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 21:30:04 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 19:15:06 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/11 19:00:35 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\jre-6u13-windows-i586-p.exe
[2009/04/11 18:52:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/11 18:50:19 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/11 18:47:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/11 18:47:29 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 18:46:59 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\NTREGOPT.lnk
[2009/04/11 18:46:58 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\ERUNT.lnk
[2009/04/11 18:46:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/10 21:54:30 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:30:04 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/10 21:21:00 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 10:12:22 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/09 21:23:33 | 00,000,000 | ---D | C] -- C:\scrap books
[2009/04/09 21:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\girlssb
[2009/04/09 18:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/04/09 14:05:54 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/08 15:21:05 | 00,138,156 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/06 19:05:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Southwest Airlines
[2009/04/06 19:05:10 | 00,001,807 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Southwest Airlines
[2009/04/06 19:00:20 | 06,599,680 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/02 19:51:00 | 00,020,492 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Panasonic
[2009/04/02 12:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\ArcSoft
[2009/04/02 12:56:47 | 00,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2009/04/02 12:52:53 | 00,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MediaImpression Slideshow.scr
[2009/04/02 12:52:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MediaImpression Slideshow
[2009/04/02 12:50:23 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/02 12:50:13 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2009/04/02 12:50:13 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2009/04/02 12:50:13 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2009/04/02 12:50:13 | 00,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/02 12:50:13 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2009/04/02 12:50:13 | 00,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/02 12:50:13 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/04/02 12:50:13 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/02 12:50:12 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicMgr.dll
[2009/04/02 12:50:12 | 00,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/02 12:50:12 | 00,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/02 12:50:12 | 00,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/02 12:50:12 | 00,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/02 12:50:12 | 00,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/02 12:50:12 | 00,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/02 12:50:12 | 00,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2009/04/02 12:50:12 | 00,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2009/04/02 12:50:12 | 00,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2009/04/02 12:50:12 | 00,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/02 12:49:49 | 00,045,056 | ---- | C] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\PhDi2.sys
[2009/04/02 12:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2009/04/01 19:44:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams 1st
[2009/04/01 19:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Caspedia
[2009/04/01 19:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams
[2009/03/30 20:45:08 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/30 14:51:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:49:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/30 14:49:22 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/30 14:44:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/30 14:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/30 14:30:19 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:19:03 | 15,403,200 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/29 22:11:43 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009/03/29 22:11:43 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009/03/29 18:50:50 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:38 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/28 22:12:28 | 00,000,000 | ---D | C] -- C:\Program Files\The Cleaner Demo
[2009/03/28 22:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\Registry_Cleaner_Pro
[2009/03/28 21:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Creative Memories
[2009/03/28 21:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Memories
[2009/03/28 21:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\Creative Memories
[2009/03/28 21:16:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Creative Memories
[2009/03/28 21:08:25 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Memories
[2009/03/28 21:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Downloaded Installations
[2009/03/27 21:12:15 | 00,108,704 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:09:57 | 00,264,350 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:04:01 | 00,195,470 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 08:53:45 | 00,000,000 | ---D | C] -- C:\Program Files\Aspell
[2009/03/25 21:21:00 | 00,058,038 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:21:07 | 00,024,206 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/25 16:09:50 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/25 16:07:57 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/25 16:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/23 18:11:46 | 00,034,380 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/22 16:13:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/03/21 19:22:47 | 00,073,278 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 18:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Passcape
[2009/03/18 15:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Opera 10 Preview
[2009/03/15 14:34:38 | 00,103,936 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\inviteinsidetest.doc
[2009/03/15 14:27:21 | 00,083,054 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pcclip.jpg
[2009/03/15 14:24:59 | 00,056,936 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\biggercat.jpg
[2009/03/15 14:23:30 | 00,012,388 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\1003.jpg
[2009/03/15 14:23:02 | 00,003,071 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pc.jpeg
[2009/03/15 14:21:30 | 00,042,348 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\t255457841_41697_2.gif
[2009/03/15 14:14:05 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\invitefronttest.doc
[2009/03/15 14:11:14 | 00,102,664 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\pskat1 copysmall.jpg
[2009/03/15 14:08:41 | 00,030,208 | -HS- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Thumbs.db
[2009/03/14 19:25:11 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/12/18 22:54:47 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2008/05/22 16:51:39 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2007/12/25 15:11:11 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2007/10/01 15:46:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/10/01 15:43:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/07/25 22:30:58 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/25 00:44:51 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/03 18:17:47 | 00,000,112 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007/02/26 19:22:45 | 00,010,084 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/02/19 17:41:57 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/01/01 20:18:08 | 00,004,568 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/21 16:10:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/20 16:49:04 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/04 10:13:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/04 10:13:13 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/04 10:03:13 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/04 09:43:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 04:48:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 00,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:30 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/17 04:23:29 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/11 19:09:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/11 19:08:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/11 19:08:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 19:08:19 | 20,112,79360 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/11 19:07:13 | 33,383,402 | -H-- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\IconCache.db
[2009/04/11 19:04:59 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\jre-6u13-windows-i586-p.exe
[2009/04/11 18:47:29 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 18:46:59 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\NTREGOPT.lnk
[2009/04/11 18:46:58 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\ERUNT.lnk
[2009/04/11 16:30:01 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\Advanced WindowsCare V2 Pro.job
[2009/04/11 08:09:27 | 35,043,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/11 08:09:27 | 00,093,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:21:01 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 13:32:50 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/10 13:32:44 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/08 15:21:06 | 00,138,156 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/08 12:59:46 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Disney ideas.doc
[2009/04/07 20:59:01 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/06 19:05:10 | 00,001,807 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:03:46 | 06,599,680 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 14:49:53 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/02 19:51:00 | 00,020,492 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:14:31 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 13:02:04 | 00,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/02 12:56:47 | 00,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2009/04/02 12:50:23 | 00,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/01 21:16:02 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/30 17:16:09 | 00,004,568 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/30 14:58:58 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:43:18 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:27:14 | 15,403,200 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/30 12:37:28 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/30 12:37:28 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/30 12:37:27 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 18:50:51 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:39 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/27 21:12:15 | 00,108,704 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:10:00 | 00,264,350 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:09:50 | 00,195,470 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 20:44:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 21:21:01 | 00,058,038 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:41:26 | 00,024,206 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/23 18:11:46 | 00,034,380 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/21 19:22:47 | 00,073,278 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 15:41:46 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\new opera.lnk
[2009/03/15 17:30:29 | 00,103,936 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\inviteinsidetest.doc
[2009/03/15 14:28:38 | 00,030,208 | -HS- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Thumbs.db
[2009/03/15 14:27:23 | 00,083,054 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pcclip.jpg
[2009/03/15 14:24:59 | 00,056,936 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\biggercat.jpg
[2009/03/15 14:23:30 | 00,012,388 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\1003.jpg
[2009/03/15 14:23:02 | 00,003,071 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pc.jpeg
[2009/03/15 14:21:30 | 00,042,348 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\t255457841_41697_2.gif
[2009/03/15 14:14:05 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\invitefronttest.doc
[2009/03/15 14:11:18 | 00,102,664 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\pskat1 copysmall.jpg
< End of report >

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 11 April 2009 - 07:55 PM

Hello.

That looks good. Please run an online scan for me and then re-run OTListIT2 and post back with a New log.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 14 April 2009 - 02:46 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#10 shalei

shalei
  • Topic Starter

  • Members
  • 7 posts

Posted 14 April 2009 - 07:06 PM

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 14, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 14, 2009 20:59:22
Records in database: 2044167

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 141025
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 03:03:01

File name Threat name Threats count
D:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.



OTListIt logfile created on: 4/14/2009 6:59:39 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Owner.laptop\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 58.93% Memory free
3.72 Gb Paging File | 2.78 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 39.11 Gb Free Space | 27.50% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.70 Gb Free Space | 68.81% Space Free | Partition Type: FAT32
Drive E: | 7.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2009/03/02 11:29:59 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2009/04/11 19:12:40 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
PRC - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2005/08/05 22:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/05/19 15:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/27 13:20:14 | 00,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2007/05/21 03:37:36 | 00,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/05/21 18:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/17 14:14:00 | 00,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/11/16 14:43:16 | 00,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2006/06/22 14:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/11 19:12:41 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/11 19:12:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/23 14:30:28 | 02,639,872 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
PRC - [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/03/02 11:29:53 | 03,344,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgui.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/04/14 13:40:29 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner.laptop\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
PRC - [2009/04/14 13:40:29 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner.laptop\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
PRC - [2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/17 14:14:48 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - File not found -- -- (AcrSch2Svc [Disabled | Stopped])
SRV - [2007/05/03 20:47:58 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/10/04 05:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/05 00:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/03/02 11:29:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/11/25 13:48:38 | 00,991,232 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service [Auto | Running])
SRV - [2008/01/15 10:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 13:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/05/21 18:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
SRV - [2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/10/04 04:40:50 | 00,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto | Running])
SRV - [2006/11/04 09:59:15 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
SRV - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Stopped])
SRV - [2005/11/12 00:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/01/03 13:53:52 | 00,131,072 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe -- (WPSScannerSvc [Auto | Running])
SRV - [2009/04/11 19:12:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/04 09:51:18 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/06/19 02:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/12/26 15:43:12 | 00,035,144 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/04/05 00:58:44 | 01,536,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/03/02 11:29:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/02 11:29:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2005/11/02 17:24:24 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/26 15:43:08 | 00,015,440 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2006/12/13 18:41:48 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2008/11/25 13:39:04 | 00,018,560 | ---- | M] (LeapFrog) -- C:\WINDOWS\system32\DRIVERS\FlyUsb.sys -- (FlyUsb [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\MS1000.sys -- (MS1000 [On_Demand | Stopped])
DRV - [2007/01/06 21:29:05 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/04/28 21:03:53 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2008/05/16 07:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2005/03/15 04:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/16 07:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2008/10/31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw [System | Running])
DRV - [2008/06/21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys -- (SBFWIMCL [On_Demand | Running])
DRV - [2008/06/21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2006/05/23 22:30:06 | 00,893,952 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/06/15 18:28:04 | 01,179,784 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/05/19 15:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/21 03:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2007/01/03 13:53:48 | 00,012,416 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\system32\DRIVERS\wpsnuio.sys -- (Wpsnuio [On_Demand | Running])
DRV - [2006/05/23 10:56:00 | 00,245,248 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6453

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.9
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:0.9.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: statsclicker@codewolf:1.6
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: decaps@challenger.edu:1.6
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a99}:3.0.4
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.69
FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.5.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.0
FF - prefs.js..extensions.enabledItems: {41a40cb1-aa9e-47c6-a207-66b9f5875870}:0.2.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.5.2008112201
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.0
FF - prefs.js..extensions.enabledItems: termblaster@forizon.com:2.0.5
FF - prefs.js..extensions.enabledItems: {283f22a5-7fd7-4714-a764-693b69dc76e9}:1.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/02 11:30:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/11 19:12:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 16:07:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/11 19:13:03 | 00,000,000 | ---D | M]

[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions
[2009/02/25 20:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 20:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions
[2009/03/09 12:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2009/03/05 15:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{283f22a5-7fd7-4714-a764-693b69dc76e9}
[2009/02/26 22:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009/03/05 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{41a40cb1-aa9e-47c6-a207-66b9f5875870}
[2009/03/05 15:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/02/26 21:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/03/02 11:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/03/05 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/05 20:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/02/26 22:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\add-to-searchbox@maltekraus.de
[2009/02/25 21:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\chachaguidebar@chacha.com
[2009/03/05 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\decaps@challenger.edu
[2009/03/05 20:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\statsclicker@codewolf
[2009/03/05 20:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\taboo@runningfrombears.com
[2009/02/26 22:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.laptop\Application Data\mozilla\Firefox\Profiles\oleprncg.default\extensions\termblaster@forizon.com
[2009/03/05 19:59:04 | 00,000,960 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Application Data\Mozilla\FireFox\Profiles\oleprncg.default\searchplugins\chacha-search.xml
[2009/04/11 19:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/09 20:46:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/11 19:13:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/09 20:46:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/09 20:46:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 18:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 18:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 18:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 18:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 18:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 18:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 18:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] rem C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKCU..\Run: [Registry_Cleaner_ProMFCT] C:\Program Files\Registry_Cleaner_Pro\Registry_Cleaner_Pro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2007/01/12 13:06:23 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{DEEE7899-EA7B-454E-829B-9C460B602721}\\NameServer = 10.7.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 21:30:04 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 19:15:06 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/14 18:59:19 | 00,002,897 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\kasperskyscan.html
[2009/04/11 18:52:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/11 18:50:19 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/11 18:47:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/11 18:47:29 | 00,000,777 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 18:46:59 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\NTREGOPT.lnk
[2009/04/11 18:46:58 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\ERUNT.lnk
[2009/04/11 18:46:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/10 21:54:30 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:30:04 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/10 21:21:00 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 10:12:22 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/09 21:23:33 | 00,000,000 | ---D | C] -- C:\scrap books
[2009/04/09 21:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\girlssb
[2009/04/09 18:12:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/04/09 14:05:54 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/08 15:21:05 | 00,138,156 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/06 19:05:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Southwest Airlines
[2009/04/06 19:05:10 | 00,001,807 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Southwest Airlines
[2009/04/06 19:00:20 | 06,599,680 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/02 19:51:00 | 00,020,492 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Panasonic
[2009/04/02 12:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\ArcSoft
[2009/04/02 12:56:47 | 00,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2009/04/02 12:52:53 | 00,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MediaImpression Slideshow.scr
[2009/04/02 12:52:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MediaImpression Slideshow
[2009/04/02 12:50:23 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/02 12:50:13 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2009/04/02 12:50:13 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2009/04/02 12:50:13 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2009/04/02 12:50:13 | 00,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/02 12:50:13 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2009/04/02 12:50:13 | 00,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/02 12:50:13 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/04/02 12:50:13 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/02 12:50:12 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicMgr.dll
[2009/04/02 12:50:12 | 00,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/02 12:50:12 | 00,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/02 12:50:12 | 00,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/02 12:50:12 | 00,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/02 12:50:12 | 00,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/02 12:50:12 | 00,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/02 12:50:12 | 00,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2009/04/02 12:50:12 | 00,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2009/04/02 12:50:12 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2009/04/02 12:50:12 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2009/04/02 12:50:12 | 00,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2009/04/02 12:50:12 | 00,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/02 12:50:12 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/02 12:50:12 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/02 12:49:49 | 00,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\PhDi2.sys
[2009/04/02 12:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2009/04/01 19:44:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams 1st
[2009/04/01 19:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Caspedia
[2009/04/01 19:43:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\sams
[2009/03/30 20:45:08 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/30 14:51:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:49:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/30 14:49:22 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/30 14:44:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/30 14:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/30 14:30:19 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:19:03 | 15,403,200 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/29 22:11:43 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009/03/29 22:11:43 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009/03/29 18:50:50 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:38 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/28 22:12:28 | 00,000,000 | ---D | C] -- C:\Program Files\The Cleaner Demo
[2009/03/28 22:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\Registry_Cleaner_Pro
[2009/03/28 21:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Creative Memories
[2009/03/28 21:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Memories
[2009/03/28 21:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\My Documents\Creative Memories
[2009/03/28 21:16:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Application Data\Creative Memories
[2009/03/28 21:08:25 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Memories
[2009/03/28 21:07:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\Downloaded Installations
[2009/03/27 21:12:15 | 00,108,704 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:09:57 | 00,264,350 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:04:01 | 00,195,470 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 08:53:45 | 00,000,000 | ---D | C] -- C:\Program Files\Aspell
[2009/03/25 21:21:00 | 00,058,038 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:21:07 | 00,024,206 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/25 16:09:50 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/25 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/25 16:07:57 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/25 16:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/23 18:11:46 | 00,034,380 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/22 16:13:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/03/21 19:22:47 | 00,073,278 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 18:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Passcape
[2009/03/18 15:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Opera 10 Preview
[2008/12/18 22:54:47 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2008/05/22 16:51:39 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2007/12/25 15:11:11 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2007/10/01 15:46:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/10/01 15:43:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/07/25 22:30:58 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/25 00:44:51 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/03 18:17:47 | 00,000,112 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2007/02/26 19:22:45 | 00,010,084 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/02/19 17:41:57 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/01/01 20:18:08 | 00,004,568 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/21 16:10:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/20 16:49:04 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/04 10:13:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/04 10:13:13 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/04 10:03:13 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/04 09:43:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 04:48:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 00,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:30 | 00,000,765 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/17 04:23:29 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/14 18:59:19 | 00,002,897 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\kasperskyscan.html
[2009/04/14 17:22:05 | 35,110,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/14 17:22:05 | 00,096,714 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/14 16:30:02 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\Advanced WindowsCare V2 Pro.job
[2009/04/14 13:18:36 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\ddp.xls
[2009/04/13 14:49:24 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/11 19:09:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/11 19:08:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/11 19:08:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 19:08:19 | 20,112,79360 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/11 19:07:13 | 33,383,402 | -H-- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\IconCache.db
[2009/04/11 18:47:29 | 00,000,777 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 18:46:59 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\NTREGOPT.lnk
[2009/04/11 18:46:58 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\ERUNT.lnk
[2009/04/10 21:54:31 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.laptop\Desktop\OTListIt2.exe
[2009/04/10 21:21:01 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Desktop\Flash_Disinfector.exe
[2009/04/10 13:32:50 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Packing for Disney.doc
[2009/04/08 15:21:06 | 00,138,156 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Southwest Airlines Air Booking Confirmation.tif
[2009/04/08 12:59:46 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Disney ideas.doc
[2009/04/07 20:59:01 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/06 19:05:10 | 00,001,807 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Start Menu\Programs\Startup\DING!.lnk
[2009/04/06 19:03:46 | 06,599,680 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\DingInstall-1.05.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 19:51:00 | 00,020,492 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\cw411.checkfreeweb.com-cw411-wps.tif
[2009/04/02 13:14:31 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 13:02:04 | 00,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/02 12:56:47 | 00,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2009/04/02 12:50:23 | 00,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2009/04/01 21:16:02 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/30 17:16:09 | 00,004,568 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/30 14:58:58 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner.laptop\My Documents\spybotsd162.exe
[2009/03/30 14:43:18 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner.laptop\My Documents\Ad-AwareAE.exe
[2009/03/30 14:27:14 | 15,403,200 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\core.zip
[2009/03/30 12:37:28 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/30 12:37:28 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/30 12:37:27 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 18:50:51 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\I believe I.doc
[2009/03/29 18:18:39 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\dds.scr
[2009/03/28 22:12:54 | 00,005,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2009/03/27 21:12:15 | 00,108,704 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo0001.tif
[2009/03/27 21:10:00 | 00,264,350 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\secure.reservations.disney.go.com-ibcwdw-en_US-_framewo.tif
[2009/03/27 14:11:29 | 00,162,595 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.htm
[2009/03/27 14:09:50 | 00,195,470 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\opera6.adr
[2009/03/26 20:44:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/25 21:21:01 | 00,058,038 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0002.tif
[2009/03/25 21:20:09 | 00,057,524 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online0001.tif
[2009/03/25 21:17:21 | 00,037,152 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Illinois_Return.pdf
[2009/03/25 21:16:59 | 00,023,917 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_Federal_Return.pdf
[2009/03/25 21:16:37 | 00,019,816 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\TaxACT Online.tif
[2009/03/25 20:41:26 | 00,024,206 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\2008_previewFederal_1040.pdf
[2009/03/25 19:25:00 | 00,130,992 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\leisha08w4.pdf
[2009/03/23 18:11:46 | 00,034,380 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\blackttz5.TIF
[2009/03/21 19:22:47 | 00,073,278 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\Printer Friendly - BuyDig.tif
[2009/03/21 17:23:43 | 00,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/21 17:23:43 | 00,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2009/03/21 00:21:00 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.laptop\My Documents\March 20th.doc
[2009/03/18 15:41:46 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\new opera.lnk
< End of report >

#11 extremeboy

extremeboy

  • Malware Response Team

Posted 14 April 2009 - 07:35 PM

Hello.

That looks okay.

How is your computer running?

Remove all older versions of Java except "Java 6 update13".

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 shalei

shalei
  • Topic Starter


Posted 14 April 2009 - 09:03 PM

It's running fine. Thanks for your help.

#13 extremeboy

extremeboy

  • Malware Response Team

Posted 15 April 2009 - 02:44 PM

Hello.

Looks good then. Let's clean up.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information.

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.

Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System a Bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
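
The log posted earlier in this thread lists `autorun.inf` at the root of C: and D: as zero-byte entries carrying the `D` attribute, which that log uses for folders. As an added example (not part of the original posts and not OTListIt's own code), this parser classifies such `O32 - AutoRun File` lines for triage; the verdict names and the E: sample line are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# One "O32 - AutoRun File" entry:
#   [timestamp | size | attributes | C/M] (vendor) - path -- [ filesystem ]
# The "(vendor)" field is absent on the folder entries in the log, so it is optional.
O32_RE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [CM]\]"
    r"(?: \((?P<vendor>[^)]*)\))? - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$"
)

# The E: line is constructed; the other lines are copied from the log in this thread.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 21:30:04 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 19:15:06 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/04/01 10:00:00 | 00,000,212 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
"""


def classify(line):
    """Return a dict describing one O32 AutoRun File line, or None if it is another kind of line."""
    m = O32_RE.match(line.strip())
    if m is None:
        return None
    path = PureWindowsPath(m["path"])
    size = int(m["size"].replace(",", ""))
    attrs = m["attrs"]

    if path.name.lower() != "autorun.inf":
        # Listed under O32 but not an autorun.inf (e.g. AUTOEXEC.BAT).
        verdict = "other-file"
    elif "D" in attrs:
        # A folder named autorun.inf: there is no INF content to read, and a
        # file of the same name cannot be created next to it.
        verdict = "placeholder-directory"
    elif size == 0:
        # Zero-byte file: nothing to launch right now, but it can be overwritten.
        verdict = "empty-file"
    else:
        # Non-empty file: read it in a text editor and check what it launches.
        verdict = "review-contents"

    return {
        "path": str(path),
        "stamp": m["stamp"],
        "size": size,
        "attrs": attrs,
        "filesystem": m["fs"],
        "verdict": verdict,
    }


def triage(log_text):
    """Classify every O32 AutoRun File line found in a pasted log."""
    rows = []
    for line in log_text.splitlines():
        row = classify(line)
        if row is not None:
            rows.append(row)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f'{row["verdict"]:<22} {row["attrs"]} {row["size"]:>6}  {row["path"]}')
```
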


#14 shalei

shalei
  • Topic Starter


Posted 15 April 2009 - 09:04 PM

Once again thanks for your help. I have no other problems or questions so I'm fine with closing the topic.

#15 extremeboy

extremeboy

  • Malware Response Team

Posted 15 April 2009 - 09:09 PM

You're welcome

Happy surfing again!

With Regards,
Extremeboy



