Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection - Win32.ZBot, Win32.Agent.pz, SHeur2.BEXC


  • This topic is locked This topic is locked
14 replies to this topic

#1 mkzika

mkzika

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 20 September 2009 - 07:42 PM

I use AVG8.5.409 and it recently detected an infection from SHeur2.BEXC while I was using the computer. It said the infected file was in: C:\Documents and Settings\All Users\Microsoft Private Data\Microsoft\lan.dll. AVG said it was unable to remove the file and it has been Quarantined.

I then did a scan using Spybot Search and Destroy 1.6.0.31. It detected Win32.Agent.pz and Win32.ZBot. It said that it supposed removed the affected files.

The problem is my computer is still acting weird. I still hear my processor running at times for no reason, sometimes when we switch from user to user we get an error saying a file is in use (logon.exe) and it take an long time to switch to another user.

I am wondering if my computer is still infected with something. It has become slower and slower during the past few months and sometimes my web browsers hang up. Any help would be greatly appreciated. :(

Here is the DDS.txt log I ran tonight:

----------------------------------------------------------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by Matt at 20:12:30.95 on Sun 09/20/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.408 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.crh.noaa.gov/mqt/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [WService] WService.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\iogear\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\iogear\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {00542225-A3CB-11D5-A675-0000E879DC3A} - hxxp://www.logo.com/imagine/plugin/nximagine.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201964878093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A018C3AE-D60B-42C6-B8F1-CD1E97166BE3} - hxxp://techsupport.esylvan.com/monitor/MixerCtrl.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC5CA032-A3AA-11D4-80A9-0050DA680987} - hxxp://www.esylvan.com/training/hmvcne.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\zz9rrlqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.gov/mqt
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-14 27784]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-14 297752]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2006-2-16 14336]
S3 cdiskdun;cdiskdun;c:\docume~1\nathan\locals~1\temp\cdiskdun.sys [2004-6-4 31744]

=============== Created Last 30 ================


==================== Find3M ====================

2009-09-19 15:51 87,496 a------- c:\docume~1\matt\applic~1\GDIPFONTCACHEV1.DAT
2009-08-28 09:55 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:55 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-20 15:57 56,912 a------- c:\documents and settings\matt\g2mdlhlpx.exe
2006-02-20 10:14 456 a------- c:\program files\INSTALL.LOG
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 20:13:46.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:05 AM

Posted 08 October 2009 - 05:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 14 October 2009 - 12:57 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 15 October 2009 - 07:51 PM

Topic reopened at the request of mkzika.

Please post your OTL logs:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards _temp_

Edited by _temp_, 15 October 2009 - 07:53 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 mkzika

mkzika
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 16 October 2009 - 05:49 AM

Thanks for reopening my thread. Computer is still very slow.


Here are the OTL and EXTRAS logs:

OTL logfile created on: 10/16/2009 6:27:29 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 155.27 Mb Available Physical Memory | 15.19% Memory free
2.40 Gb Paging File | 1.53 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 194.38 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER1
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/16 06:27:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2009/10/05 08:50:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/14 17:21:26 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/10 20:31:38 | 00,046,920 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
PRC - [2009/08/28 09:55:49 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 09:55:48 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 09:55:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/28 09:55:35 | 00,761,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/29 14:37:48 | 10,735,616 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/15 12:19:14 | 01,766,744 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/01 07:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/09/24 22:30:28 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/04/25 10:32:10 | 00,368,640 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
PRC - [2005/05/31 14:28:04 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTStackServer.exe
PRC - [2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
PRC - [2005/04/25 09:49:52 | 00,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2004/11/12 00:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2004/05/29 00:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/03/11 16:50:52 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/29 22:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\WtSrv.exe
PRC - [1999/12/13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (LVPrcSrv [Auto | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/28 09:55:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/03/24 03:39:59 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2005/04/25 09:49:52 | 00,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/11/12 00:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/10/25 22:01:52 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004/03/18 17:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/09/29 22:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\WtSrv.exe -- (WinTabService [Auto | Running])
SRV - [1999/12/13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 09:55:48 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/28 09:55:48 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/04/09 01:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2008/04/09 01:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/02/06 16:05:14 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2005/05/31 14:16:06 | 00,401,152 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2005/05/31 14:13:34 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/05/31 14:11:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2005/05/31 14:10:32 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2005/05/31 14:07:56 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
DRV - [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/04/25 14:28:14 | 00,871,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/11/12 00:10:00 | 02,738,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/11/02 16:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2004/10/14 21:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/12 21:40:50 | 00,904,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/06 23:29:14 | 00,006,656 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/06 16:43:26 | 00,366,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2004/07/13 16:15:48 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2004/07/13 16:13:14 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004/07/13 16:12:36 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004/07/13 16:11:58 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2004/07/13 16:11:28 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/07/13 16:09:32 | 00,645,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2004/07/05 12:12:00 | 00,014,336 | R--- | M] (Cisco-Linksys, LLC) -- C:\WINDOWS\System32\DRIVERS\BEFCMU10V4XP.sys -- (BEFCMU10V4XP [On_Demand | Stopped])
DRV - [2004/06/04 23:04:49 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Nathan\Local Settings\Temp\cdiskdun.sys -- (cdiskdun [On_Demand | Stopped])
DRV - [2004/03/18 05:52:00 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/03/18 05:52:00 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/03/18 05:51:00 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/09/23 10:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2003/03/05 05:17:36 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2003/03/05 03:00:44 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2002/11/08 20:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2000/06/13 01:32:02 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/mqt/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.weather.gov/mqt"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 04:00:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/13 17:54:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/07 17:35:50 | 00,000,000 | ---D | M]

[2008/12/06 23:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Extensions
[2008/12/06 23:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/15 17:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Firefox\Profiles\zz9rrlqe.default\extensions
[2009/09/03 18:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Firefox\Profiles\zz9rrlqe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/29 15:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Firefox\Profiles\zz9rrlqe.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2009/10/15 17:36:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/13 17:54:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/30 14:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/29 10:57:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/10/13 17:54:49 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/13 17:54:49 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/14 17:21:29 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/06/18 21:27:26 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/06/18 21:27:41 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/06/18 21:27:21 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (263300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9132 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WService] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00542225-A3CB-11D5-A675-0000E879DC3A} http://www.logo.com/imagine/plugin/nximagine.cab (xImaginePlugin Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1201964878093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A018C3AE-D60B-42C6-B8F1-CD1E97166BE3} http://techsupport.esylvan.com/monitor/MixerCtrl.cab (MixerCtrl Control)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CC5CA032-A3AA-11D4-80A9-0050DA680987} http://www.esylvan.com/training/hmvcne.cab (HearMe Voice Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.213.60.93 24.196.64.53
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 17:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/07 17:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/07 17:38:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/26 15:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\Savings Bond Wizard
[2009/10/16 06:26:55 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/02 16:21:49 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/29 05:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/28 19:37:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/28 19:37:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/28 19:37:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/28 19:37:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/28 19:24:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/09/27 15:08:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2009/09/26 15:25:42 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/09/21 07:47:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/21 07:46:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/09/21 07:44:14 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/09/21 07:44:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/09/21 07:44:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/09/20 20:18:00 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2009/09/19 16:42:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lowsec
[2005/08/12 21:16:11 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/16 06:27:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/16 06:05:29 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/10/16 01:59:25 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/15 18:12:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/15 17:39:29 | 42,918,740 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/15 17:39:29 | 00,032,991 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/15 15:56:59 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/15 15:54:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 15:54:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 15:54:21 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/15 04:23:40 | 04,933,091 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
[2009/10/15 04:16:40 | 00,490,816 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 04:16:40 | 00,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 04:16:40 | 00,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 04:11:30 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 04:05:44 | 00,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/14 17:14:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/14 17:09:03 | 00,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/13 17:57:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/13 17:57:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/13 17:57:01 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2009/10/13 17:57:01 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2009/10/13 17:57:00 | 00,034,276 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/13 17:57:00 | 00,034,276 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/13 17:57:00 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/13 17:57:00 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/13 17:51:44 | 00,000,851 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/10/12 22:12:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/11 04:56:16 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/10/09 18:30:00 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (COMPUTER1-Matt).job
[2009/10/07 17:39:12 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/03 12:48:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/30 18:26:36 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 06:11:27 | 00,087,880 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/29 06:03:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/28 19:28:58 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/26 15:25:42 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Savings Bond Wizard.lnk
[2009/09/20 20:18:21 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009/09/20 20:18:09 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2009/09/20 20:10:39 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/09/20 18:32:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/19 21:35:00 | 00,000,621 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/19 16:42:28 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/09/19 15:51:44 | 00,087,496 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT

========== Files - No Company Name ==========
[2009/10/07 17:39:12 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/26 15:25:42 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Savings Bond Wizard.lnk
[2009/09/20 20:18:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009/09/20 20:10:30 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/09/19 16:41:56 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/06/08 11:52:23 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/01/01 19:41:02 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2008/07/03 19:26:52 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/03 10:38:57 | 00,260,116 | -H-- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2008/01/19 13:19:21 | 00,000,083 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/01/12 15:57:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/12 15:57:40 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/12 15:57:40 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/10 18:09:11 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\tuscaenc.dll
[2008/01/10 17:54:25 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/10 17:54:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/10 17:54:25 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/10 17:54:24 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2008/01/10 17:44:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2008/01/02 12:54:58 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/11 20:18:41 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI
[2007/08/02 21:23:10 | 00,000,734 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/13 17:28:30 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/17 09:33:03 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/12 13:00:24 | 00,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/20 10:14:23 | 00,000,456 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/02/05 19:56:41 | 00,000,257 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/01/27 15:12:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mvPcInfo.ini
[2005/11/14 16:45:04 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/11/14 16:36:48 | 00,000,328 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/22 21:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/10/11 16:03:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2005/10/11 16:03:35 | 00,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/10/10 19:21:51 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/10 16:37:59 | 00,087,496 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/30 11:13:44 | 00,087,880 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/28 14:59:06 | 00,001,186 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/08/23 15:00:18 | 00,000,851 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/23 13:07:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/23 13:03:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/18 19:41:03 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/08/18 19:41:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\desktop.ini
[2005/08/12 21:29:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/12 21:24:04 | 00,000,621 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/12 21:16:39 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/12 21:16:16 | 00,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/08/12 21:16:16 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/12 21:16:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/08/12 21:15:49 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/12 20:54:04 | 00,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbtplc.ini
[2005/08/12 20:53:20 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/31 14:19:08 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/12 08:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/09 19:11:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 19:10:28 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 19:05:58 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 18:59:26 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/08/23 15:42:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/08/23 15:40:14 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/08/19 17:20:39 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:01:43 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/19 16:49:59 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 16:49:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/10/08 15:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/04/21 14:30:12 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/01 18:16:28 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/04/01 18:16:13 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/01 18:15:39 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/08 22:54:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >





Extras.txt:


OTL Extras logfile created on: 10/16/2009 6:27:29 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 155.27 Mb Available Physical Memory | 15.19% Memory free
2.40 Gb Paging File | 1.53 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 194.38 Gb Free Space | 85.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER1
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = IOGEAR Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EA363F3-C5F3-4694-B766-70EE8BDF3EFF}" = PS370
"{71458101-3A23-4472-9A71-D1A7B89056B6}" = hp_DevIO
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996EC44B-38E1-4898-8E47-3EE3D15F2712}" = Garmin WebUpdater
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B61277AA-5707-418D-9695-A8D5BDB201F9}" = Garmin Inland Lakes v2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2023740-9AAC-11D4-B54D-006008571948}" = Pac-Man Adventures in Time
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2EFF20D-30BF-4907-B1FD-B7EBCED798D6}" = HPHDiscovery
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ECAAC00F-74C7-4F1C-A110-F526ED630044}" = SpongeBob SquarePants - Nighty Nightmare
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FDF0F423-F81F-4EA7-ABD1-AACBB60F3644}" = G15A922EN
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL YGP Picture Downloader" = AOL YGP Picture Downloader
"Arthur's Reading Race" = Arthur's Reading Race
"AudibleDownloadManager" = Audible Download Manager
"Audigy2 Audio UG" = Audio User's Guide
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Canon Digital Camera USB Driver" = Canon Digital Camera USB Driver
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DisneysMagicArtistDeinstKey" = Disney's Magic Artist
"ESPNMotion" = ESPNMotion
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius
"Learning Environment" = Learning Environment (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"MarbleBlastGoldDemo" = Marble Blast Gold Demo (remove only)
"Math Blaster" = Math Blaster
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ODEUNST #1" = BCBSMDigitalDirectory
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PhoTagsExpress" = PhoTags Express
"PhotoRecord" = Canon PhotoRecord
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9
"RealPlayer 6.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 1.4
"rm3d1.0_is1" = Rolling Madness 3D v1.0
"RRK32.exe" = Reader Rabbit's Kindergarten
"Savings Bond Wizard" = Savings Bond Wizard
"Scholastic's I SPY Mystery" = Scholastic's I SPY Mystery
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StarFlyers Alien Space Chase" = StarFlyers Alien Space Chase
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Super Collapse! from GameHouse" = Super Collapse! from GameHouse
"The ClueFinders 3rd Grade Adventures" = The ClueFinders 3rd Grade Adventures
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"RadarLab HD" = RadarLab HD

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2009 4:18:32 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {D321A28C-558E-44C9-A320-1774DFFA5C1A} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.308 s

Error - 9/22/2009 4:18:37 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {2476B101-0019-460B-8EC4-18FFEBB6A39F} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.308 s

Error - 9/22/2009 11:09:31 AM | Computer Name = COMPUTER1 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2009 11:13:11 AM | Computer Name = COMPUTER1 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2009 6:03:12 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {ED7F556F-79FB-465B-90E6-FEA3E6FC3791} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 9/29/2009 6:03:12 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 9/29/2009 6:03:13 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {9503AEE7-58D5-432C-A378-B749149CD7DC} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 9/29/2009 6:03:18 AM | Computer Name = COMPUTER1 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {AE39C607-C35D-4972-B13B-1BDC3DCE36E6} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 10/1/2009 8:27:51 PM | Computer Name = COMPUTER1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2009 1:59:20 AM | Computer Name = COMPUTER1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

[ System Events ]
Error - 10/14/2009 5:12:36 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 10/14/2009 5:12:36 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pure Networks Platform
Service service to connect.

Error - 10/14/2009 5:12:36 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Pure Networks Platform Service service failed to start due to
the following error: %%1053

Error - 10/15/2009 3:56:48 PM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 10/15/2009 3:57:42 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/15/2009 3:57:42 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 10/15/2009 3:57:42 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Serial Driver service failed to start due to the following
error: %%2

Error - 10/15/2009 3:57:42 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Port Client Driver service failed to start due to the
following error: %%2

Error - 10/15/2009 3:58:29 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Kernel Acoustic Echo Canceller service failed to start
due to the following error: %%5

Error - 10/15/2009 3:59:15 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

Attached Files



#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 16 October 2009 - 08:01 AM

Hi,

please run Malwarebytes and gmer and post back the logs in your next reply. :(

Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 mkzika

mkzika
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 16 October 2009 - 10:32 PM

Here is the Malwarebytes log and the gmer log. Thanks for the quick reply.

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

10/16/2009 7:14:11 PM
mbam-log-2009-10-16 (19-14-11).txt

Scan type: Quick Scan
Objects scanned: 137144
Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Microsoft Private Data (Rogue.ProofDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Microsoft Private Data\Microsoft (Rogue.ProofDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\logon.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\All Users\Microsoft Private Data\Microsoft\t.id (Rogue.ProofDefender) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-16 23:27:08
Windows 5.1.2600 Service Pack 3
Running: oz6oopgw.exe; Driver: C:\DOCUME~1\Matt\LOCALS~1\Temp\pgldapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] kernel32.dll!FindResourceW 7C80BC6E 5 Bytes JMP 00428CB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] kernel32.dll!FindResourceA 7C80BF29 5 Bytes JMP 00428C70 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 00428E90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00428D60 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 00428F40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!LoadMenuW 7E42EB48 5 Bytes JMP 00428E30 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00428CF0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3556] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 00428DD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat EDFCED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\quartz.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Both

---- EOF - GMER 1.0.15 ----

Attached Files



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 18 October 2009 - 10:44 AM

Hi,

this looks pretty good. Please post a new OTL log. (only otl.txt will be created) Are you still getting detections or any problems?

regarsd _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 mkzika

mkzika
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 18 October 2009 - 11:57 AM

I am cautiously optimisitc that things may be a little better. I have not had any additional AVG detections during the past couple of days and the logging on process appears to be a little faster.

You guys are great.

Is there additional software you recommend to prevent these problems from occurring? I never know which is the best. I am using AVG bersion 8.5.422 now as my virus software. I also run Spybot search and destroy from time to time, but obviously it doesn't catch everything. Is the Malwarebytes anti malware software good software and can that be run again from time to time?


Here is the OTL log I just ran.

------------------------------------------------------------------------------------------------------

OTL logfile created on: 10/18/2009 12:43:09 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 713.48 Mb Available Physical Memory | 69.81% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 194.65 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER1
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/17 08:38:07 | 02,025,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/16 06:27:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 09:55:49 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 09:55:48 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 09:55:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/15 12:19:14 | 01,766,744 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/01 07:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/09/24 22:30:28 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/04/25 10:32:10 | 00,368,640 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
PRC - [2005/05/31 14:28:04 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTStackServer.exe
PRC - [2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
PRC - [2005/04/25 09:49:52 | 00,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2004/11/12 00:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2004/05/29 00:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/03/11 16:50:52 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/29 22:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\WtSrv.exe
PRC - [1999/12/13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (LVPrcSrv [Auto | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/28 09:55:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/03/24 03:39:59 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2005/04/25 09:49:52 | 00,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/11/12 00:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/10/25 22:01:52 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2004/08/10 05:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004/03/18 17:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/09/29 22:41:32 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\WtSrv.exe -- (WinTabService [Auto | Running])
SRV - [1999/12/13 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 09:55:48 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/28 09:55:48 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/04/09 01:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2008/04/09 01:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/02/06 16:05:14 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2005/05/31 14:16:06 | 00,401,152 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2005/05/31 14:13:34 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/05/31 14:11:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2005/05/31 14:10:32 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2005/05/31 14:07:56 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
DRV - [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/04/25 14:28:14 | 00,871,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/11/12 00:10:00 | 02,738,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/11/02 16:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2004/10/14 21:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/12 21:40:50 | 00,904,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/06 23:29:14 | 00,006,656 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/06 16:43:26 | 00,366,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2004/07/13 16:15:48 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2004/07/13 16:13:14 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004/07/13 16:12:36 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004/07/13 16:11:58 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2004/07/13 16:11:28 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/07/13 16:09:32 | 00,645,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2004/07/05 12:12:00 | 00,014,336 | R--- | M] (Cisco-Linksys, LLC) -- C:\WINDOWS\System32\DRIVERS\BEFCMU10V4XP.sys -- (BEFCMU10V4XP [On_Demand | Stopped])
DRV - [2004/06/04 23:04:49 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Nathan\Local Settings\Temp\cdiskdun.sys -- (cdiskdun [On_Demand | Stopped])
DRV - [2004/03/18 05:52:00 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2004/03/18 05:52:00 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2004/03/18 05:51:00 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/09/23 10:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2003/03/05 05:17:36 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
DRV - [2003/03/05 03:00:44 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\System32\DRIVERS\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
DRV - [2002/11/08 20:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2000/06/13 01:32:02 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/mqt/
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\S-1-5-21-80719870-2620065024-2917248693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.weather.gov/mqt"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 04:00:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/18 09:11:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 09:18:03 | 00,000,000 | ---D | M]

[2008/12/06 23:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Extensions
[2008/12/06 23:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 12:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Firefox\Profiles\zz9rrlqe.default\extensions
[2009/07/29 15:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\mozilla\Firefox\Profiles\zz9rrlqe.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2009/10/18 09:12:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/18 09:10:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/30 14:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/29 10:57:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/10/18 09:10:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/18 09:10:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/18 09:10:58 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/06/18 21:27:26 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/07 17:35:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/06/18 21:27:41 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/06/18 21:27:21 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/10/18 09:11:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/18 09:11:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/18 09:11:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/18 09:11:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/10/18 09:11:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/18 09:11:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/18 09:11:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (263300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9132 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WService] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe File not found
O4 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 80 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 80 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-80719870-2620065024-2917248693-1005\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00542225-A3CB-11D5-A675-0000E879DC3A} http://www.logo.com/imagine/plugin/nximagine.cab (xImaginePlugin Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1201964878093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A018C3AE-D60B-42C6-B8F1-CD1E97166BE3} http://techsupport.esylvan.com/monitor/MixerCtrl.cab (MixerCtrl Control)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CC5CA032-A3AA-11D4-80A9-0050DA680987} http://www.esylvan.com/training/hmvcne.cab (HearMe Voice Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.213.60.93 24.196.64.53
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 17:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/07 17:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/16 18:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 18:56:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Malwarebytes
[2009/10/07 17:38:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/16 18:56:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/26 15:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\Savings Bond Wizard
[2009/10/16 18:56:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/16 18:56:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/16 18:55:05 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup.exe
[2009/10/16 06:26:55 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/02 16:21:49 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/29 05:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/28 19:37:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/28 19:37:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/28 19:37:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/28 19:37:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/28 19:24:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/09/27 15:08:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2009/09/26 15:25:42 | 00,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/09/21 07:47:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/21 07:46:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/09/21 07:44:14 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/09/21 07:44:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/09/21 07:44:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/09/20 20:18:00 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2005/08/12 21:16:11 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/18 10:05:00 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/10/18 09:21:19 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/18 09:19:35 | 04,933,492 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
[2009/10/18 09:18:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/18 09:18:19 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/18 09:17:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 09:17:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 09:17:50 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/18 09:17:04 | 00,035,812 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/18 09:17:04 | 00,035,812 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/18 09:17:04 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/18 09:17:04 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2009/10/18 09:17:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/18 09:17:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/18 09:17:04 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2009/10/18 09:17:04 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2009/10/18 08:38:30 | 43,219,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/18 04:56:06 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/10/17 17:07:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/17 15:40:02 | 00,000,851 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/10/16 19:26:13 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\oz6oopgw.exe
[2009/10/16 18:56:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/16 18:56:03 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup.exe
[2009/10/16 18:30:00 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (COMPUTER1-Matt).job
[2009/10/16 09:16:31 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/16 06:27:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009/10/15 04:16:40 | 00,490,816 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 04:16:40 | 00,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 04:16:40 | 00,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 04:11:30 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 04:05:44 | 00,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/14 17:09:03 | 00,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/12 22:12:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/07 17:39:12 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/03 12:48:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/30 18:26:36 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 06:11:27 | 00,087,880 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/29 06:03:13 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/28 19:28:58 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/26 15:25:42 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Savings Bond Wizard.lnk
[2009/09/20 20:18:21 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009/09/20 20:18:09 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2009/09/20 20:10:39 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/09/20 18:32:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/19 21:35:00 | 00,000,621 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/09/19 15:51:44 | 00,087,496 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT

========== Files - No Company Name ==========
[2009/10/16 19:26:01 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\oz6oopgw.exe
[2009/10/16 18:56:28 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/07 17:39:12 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/26 15:25:42 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Savings Bond Wizard.lnk
[2009/09/20 20:18:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009/09/20 20:10:30 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009/06/08 11:52:23 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/01/01 19:41:02 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2008/07/03 19:26:52 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/03 10:38:57 | 00,260,116 | -H-- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2008/01/19 13:19:21 | 00,000,083 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/01/12 15:57:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/12 15:57:40 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/12 15:57:40 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/10 18:09:11 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\tuscaenc.dll
[2008/01/10 17:54:25 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/10 17:54:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/10 17:54:25 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/10 17:54:24 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2008/01/10 17:52:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2008/01/10 17:44:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2008/01/02 12:54:58 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/11 20:18:41 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI
[2007/08/02 21:23:10 | 00,000,734 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/13 17:28:30 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/17 09:33:03 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/12 13:00:24 | 00,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/20 10:14:23 | 00,000,456 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/02/05 19:56:41 | 00,000,257 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/01/27 15:12:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mvPcInfo.ini
[2005/11/14 16:45:04 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/11/14 16:36:48 | 00,000,328 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/10/22 21:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/10/11 16:03:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2005/10/11 16:03:35 | 00,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/10/10 19:21:51 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/10 16:37:59 | 00,087,496 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/30 11:13:44 | 00,087,880 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/28 14:59:06 | 00,001,186 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/08/23 15:00:18 | 00,000,851 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/23 13:07:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/23 13:03:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/18 19:41:03 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/08/18 19:41:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\desktop.ini
[2005/08/12 21:29:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/12 21:24:04 | 00,000,621 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/12 21:16:39 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/12 21:16:16 | 00,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/08/12 21:16:16 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/12 21:16:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/08/12 21:15:49 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/12 20:54:04 | 00,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbtplc.ini
[2005/08/12 20:53:20 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/31 14:19:08 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/12 08:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/09 19:11:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 19:10:28 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 19:05:58 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 18:59:26 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/08/23 15:42:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/08/23 15:40:14 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/08/19 17:20:39 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:01:43 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/19 16:49:59 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 16:49:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/10/08 15:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/04/21 14:30:12 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/01 18:16:28 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/04/01 18:16:13 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/01 18:15:39 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/08 22:54:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >

Attached Files

  • Attached File  OTL.Txt   121.9KB   1 downloads


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 18 October 2009 - 12:40 PM

Hi,

that log looks clean.

Please run another scan with ESET; just to be safe:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
I will offer you a couple of other programs to make your PC more secure once we're done. The reason I'm not doing so know is to keep the logs as clean as possible, so that the possible new malicious entries can be identified. Malwarebytes definitely is one of the tools I would advise to keep. Please bear in mind, that Malwarebytes does no automatic updates, hence please remember to update the tool manually before runnning a scan with it.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 mkzika

mkzika
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 19 October 2009 - 10:06 AM

This is what I got during the ESET Scan. Looks like 1 hit that was deleted.

As it was scanning my AVG Resident Shield popped up with a threat detected saying that the mbam-setup.exe file was infected with a Trojan horse PSW.Banker.ZOY That is the file that installed the Malware bytes software. I am assuming it was a false detection. Would you concur?


ESET Scan log:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\416BKTE3\main_[1].exe a variant of Win32/Kryptik.AJB trojan cleaned by deleting - quarantined


Thanks again for all your help thus far!

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 19 October 2009 - 10:24 AM

Hi,

yes, I've already had a couple of AVG users ask me that question today, it looks like a false positive and I hope it will be fixed soon.
The file found by ESET was in the Cache and not an active infection. :(

I think your logs are clean and we should no focus on bringing your system up to date.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 mkzika

mkzika
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 19 October 2009 - 11:48 AM

The old javas have been deleted. I didn't see update 12, but I did install update 16.

Also, Adobe Reader has been updated.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 20 October 2009 - 09:34 AM

Hi,

yes sorry. I forgot to update regarding the latest updates. Update 16 is the one you want. :)

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on the file.
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If you want to set your system to hide all hidden files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
    Check the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:Have a nice day
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:05 PM

Posted 26 October 2009 - 02:32 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users