Browser Redirection


  • This topic is locked
14 replies to this topic

#1 mustang0222

Posted 24 October 2009 - 08:16 PM

Hello all, I've been having a problem with my browser redirecting to random sites whenever I click on a search engine result. I can tell this is fairly common on these boards but everything I do comes up blank.

I've had the antivirus2009 malware that took over my registry/cmd and basically entire system but got it cleared up with avira/malwarebytes. Now the only thing that appears to be left is this stupid redirection that's driving me crazy. Any help would be greatly appreciated guys, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:08 PM, on 10/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Vidalia\vidalia.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


#2 mustang0222

Posted 24 October 2009 - 08:28 PM

Here's a few more things as required from the main topic....

DDS (Ver_09-10-24.03) - NTFSx86
Run by Steven at 21:21:39.15 on Sat 10/24/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [Vidalia] "c:\program files\vidalia\vidalia.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_08\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven\applic~1\mozilla\firefox\profiles\459y8u5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - HiddenExtension: XULRunner: {826AC0BE-3936-4D76-9F12-635669957B89} - c:\documents and settings\steven\local settings\application data\{826AC0BE-3936-4D76-9F12-635669957B89}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-25 01:05:25 0 d-----w- c:\program files\Trend Micro
2009-10-24 22:11:38 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 21:28:05 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-24 21:28:05 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-24 21:12:55 0 d-sha-r- C:\cmdcons
2009-10-24 21:09:19 98816 ----a-w- c:\windows\sed.exe
2009-10-24 21:09:19 236544 ----a-w- c:\windows\PEV.exe
2009-10-24 21:09:19 161792 ----a-w- c:\windows\SWREG.exe
2009-10-17 19:59:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 19:59:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 18:54:05 0 d-----w- c:\docume~1\steven\applic~1\SUPERAntiSpyware.com
2009-10-17 18:54:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-17 18:30:09 0 d-----w- c:\program files\Yahoo!
2009-10-17 06:41:59 0 d-----w- C:\_OTM
2009-10-17 06:18:06 58 ----a-w- c:\windows\wp4.dat
2009-10-17 06:18:06 3 ----a-w- c:\windows\wp3.dat
2009-10-17 06:18:06 287232 ----a-w- c:\windows\svohost.exe.XXX
2009-10-17 06:17:54 88 ----a-w- c:\windows\system32\wwp.htm
2009-10-17 06:14:44 49152 ----a-w- C:\bqefoh.exe
2009-10-17 06:14:23 0 ----a-w- C:\vwj.exe

==================== Find3M ====================

2009-09-25 05:49:02 668672 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:49:02 668672 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:49:02 628224 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:49:02 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-09-25 05:49:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:49:01 532480 ------w- c:\windows\system32\dllcache\mstime.dll
2009-09-25 05:49:01 449024 ------w- c:\windows\system32\dllcache\mshtmled.dll
2009-09-25 05:49:01 39424 ------w- c:\windows\system32\dllcache\pngfilt.dll
2009-09-25 05:49:01 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:49:01 146432 ------w- c:\windows\system32\dllcache\msrating.dll
2009-09-25 05:48:59 96256 ------w- c:\windows\system32\dllcache\inseng.dll
2009-09-25 05:48:59 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 05:48:59 55808 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-09-25 05:48:59 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-09-25 05:48:59 16384 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-09-25 05:48:58 357888 ------w- c:\windows\system32\dllcache\dxtmsft.dll
2009-09-25 05:48:58 205312 ------w- c:\windows\system32\dllcache\dxtrans.dll
2009-09-25 05:48:58 151040 ------w- c:\windows\system32\dllcache\cdfview.dll
2009-09-25 05:48:58 1054208 ------w- c:\windows\system32\dllcache\danim.dll
2009-09-25 05:48:57 1024000 ------w- c:\windows\system32\dllcache\browseui.dll
2009-09-18 09:46:06 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:03:37 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:11:47 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 12:51:17 2185984 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 12:49:00 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:49:00 2142720 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 12:02:00 2062976 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 12:02:00 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:02:00 2020864 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-10-11 00:21:58 56 --sh--r- c:\windows\system32\4064FE9C83.sys
2006-10-02 12:15:20 88 --sh--r- c:\windows\system32\839CFE6440.sys
2007-10-11 20:12:43 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:23:42.20 ===============

#3 kahdah

  • Security Colleague

Posted 01 November 2009 - 11:17 AM

Hello mustang0222

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not PM for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a PM as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#4 mustang0222

Posted 01 November 2009 - 01:05 PM

kahdah - thanks so much for helping me, I've been dying to get this problem fixed. The GMER report stopped and my desktop disappeared after it read the atapi.sys file. Here's the logs...
OTL:
OTL logfile created on: 11/1/2009 12:01:32 PM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 382.28 Mb Available Physical Memory | 37.69% Memory free
2.88 Gb Paging File | 1.93 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 2032 4064 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.35 Gb Total Space | 0.15 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 788.61 Gb Free Space | 84.68% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Vidalia\vidalia.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\DAP\DAP.exe (Speedbit Ltd.)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Program Files\DC++\DCPlusPlus.exe ()
PRC - C:\Program Files\AIM6\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - File not found
SRV - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
SRV - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
SRV - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
SRV - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\2bfus66giyi.sys ()
DRV - C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee)
DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Steven\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 23:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2009/08/19 18:40:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2009/10/25 23:08:13 | 00,000,000 | ---D | M]

[2007/08/01 06:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\videodowloader@videodownloader.net
[2009/02/07 18:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\moveplayer@movenetworks.com
[2008/12/17 17:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/22 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/08/13 21:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions
[2009/10/30 14:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions
[2009/08/13 21:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/22 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/12/17 17:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/07 18:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\moveplayer@movenetworks.com
[2007/08/01 06:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\videodowloader@videodownloader.net
[2008/03/28 15:22:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/10/25 23:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2008/12/19 11:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/30 14:11:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 14:11:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/19 11:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/25 23:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2008/03/28 15:22:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/19 11:26:03 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/19 11:26:03 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/19 11:26:03 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/19 11:26:03 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/19 11:26:03 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/25 23:07:57 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/07/11 14:48:13 | 00,528,896 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/07/28 20:23:31 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/12/19 11:26:05 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/03/10 00:16:52 | 00,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2007/03/10 00:16:52 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2007/03/10 00:16:52 | 00,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2007/03/10 00:16:52 | 00,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2007/03/10 00:16:52 | 00,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2007/03/10 00:16:52 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\Steven\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Steven\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.99.203.20 137.99.25.14
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 00,000,071 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{b3e2ff5a-d2ad-11dd-93a1-0015c57b75b7}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 11:59:11 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2009/10/29 09:20:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/27 14:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\GooredFix Backups
[2009/10/27 14:28:15 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Steven\Desktop\GooredFix.exe
[2009/10/25 23:16:42 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Steven\Desktop\RootRepeal.exe
[2009/10/25 23:08:13 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/25 23:08:13 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 23:08:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 23:08:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 23:08:13 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 22:25:51 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steven\Desktop\jre-6u16-windows-i586.exe
[2009/10/25 16:44:43 | 08,067,224 | ---- | C] (Mozilla) -- C:\Documents and Settings\Steven\Desktop\Firefox Setup 3.5.3.exe
[2009/10/25 09:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\DoctorWeb
[2009/10/25 09:19:46 | 19,507,376 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Steven\Desktop\2mj4ug6r.exe
[2009/10/24 20:05:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/24 20:05:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steven\Desktop\HJTInstall.exe
[2009/10/24 19:14:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTS.exe
[2009/10/24 17:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/24 17:02:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Steven\Recent
[2009/10/24 16:28:05 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/24 16:28:05 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/24 16:12:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/24 16:09:19 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/24 16:09:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/24 16:09:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/24 16:09:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/24 16:09:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/24 16:06:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/24 16:01:47 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Steven\Desktop\ATF-Cleaner.exe
[2009/10/20 22:59:24 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Steven\Desktop\setup-spybotsd162.exe
[2009/10/17 22:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Senior Design Project
[2009/10/17 22:47:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Comp Mechanics
[2009/10/17 22:47:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Resumes
[2009/10/17 22:47:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Metal Cutting
[2009/10/17 22:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Recovery
[2009/10/17 14:59:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/17 14:59:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/17 13:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Application Data\SUPERAntiSpyware.com
[2009/10/17 13:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/17 13:34:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Local Settings\Application Data\Xenocode
[2009/10/17 13:30:09 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/17 01:41:59 | 00,000,000 | ---D | C] -- C:\_OTM
[9 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Steven\Desktop\*.tmp files -> C:\Documents and Settings\Steven\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/01 11:59:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2009/11/01 02:23:32 | 77,116,2550 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\dwp_audrey_bitoni02-sd169.wmv
[2009/11/01 01:07:07 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/30 17:57:17 | 00,484,707 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Miami-Heat-2010-Widescreen-Wallpaper.jpg
[2009/10/30 17:56:35 | 00,188,055 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Kevin-Durant-Wallpaper-001.jpg
[2009/10/30 17:55:51 | 00,177,418 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Heat-Wallpaper.jpg
[2009/10/30 17:55:31 | 00,297,834 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Burning-Wallpaper.jpg
[2009/10/30 17:54:51 | 00,224,080 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Dunk-Wallpaper.jpg
[2009/10/30 17:52:24 | 00,291,189 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper2.jpg
[2009/10/30 17:52:17 | 00,291,189 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper.jpg
[2009/10/30 17:51:50 | 00,125,667 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\NBA_miami_heat_1.jpg
[2009/10/30 17:50:39 | 00,064,245 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\miami-heat-team-logo.jpg
[2009/10/28 23:00:12 | 01,675,264 | ---- | M] () -- C:\WINDOWS\MEDB.mdb
[2009/10/28 22:59:21 | 06,763,383 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Timbaland-Say_Something_(Feat._Drake)(CDQ)-HIF.mp3
[2009/10/28 22:57:36 | 04,406,409 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\07-lil__wayne-break_up__feat._short_dawg_and_gudda_gudda_-hif.mp3
[2009/10/28 22:57:18 | 04,770,628 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\08-lil__wayne-banned_from_tv-hif.mp3
[2009/10/28 22:56:56 | 04,203,371 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\DJ_Khaled-Fed_Up_(Feat._Usher,_Young_Jeezy,_Rick_Ross,_And_Drake)(Prod._By_The_Runners)(Dirty)-HIF.mp3
[2009/10/28 22:56:16 | 05,774,656 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\08-50_cent-stretch-hif.mp3
[2009/10/28 22:55:48 | 05,496,474 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\02-50_cent-then_day_went_by-hif.mp3
[2009/10/28 22:55:29 | 06,566,045 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\05-50_cent-psycho_(feat._eminem)-hif.mp3
[2009/10/28 22:54:59 | 05,129,284 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\04-50_cent-so_disrespectful-hif.mp3
[2009/10/28 15:56:48 | 37,016,1722 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Sons.of.Anarchy.S02E08.HDTV.XviD-XII.avi
[2009/10/28 11:52:09 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/28 11:52:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/28 09:05:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 09:05:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 09:05:26 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 09:04:35 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Steven\NTUSER.DAT
[2009/10/28 09:04:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steven\ntuser.ini
[2009/10/27 14:28:10 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Steven\Desktop\GooredFix.exe
[2009/10/25 23:16:27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Steven\Desktop\RootRepeal.exe
[2009/10/25 23:07:56 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/25 23:07:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 23:07:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 23:07:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 23:07:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 22:24:32 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steven\Desktop\jre-6u16-windows-i586.exe
[2009/10/25 18:05:19 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\avenger.zip
[2009/10/25 17:43:26 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME Test II Covers.doc
[2009/10/25 16:44:43 | 08,067,224 | ---- | M] (Mozilla) -- C:\Documents and Settings\Steven\Desktop\Firefox Setup 3.5.3.exe
[2009/10/25 16:13:31 | 00,000,813 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/25 16:13:31 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/25 16:13:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 16:04:36 | 00,100,448 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/25 16:03:08 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (STEVE-Steven).job
[2009/10/25 15:31:31 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 15:31:31 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 15:31:31 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/25 09:23:37 | 19,507,376 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Steven\Desktop\2mj4ug6r.exe
[2009/10/24 20:25:23 | 00,003,914 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Attach.rar
[2009/10/24 20:21:23 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\dds.scr
[2009/10/24 20:05:27 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\HijackThis.lnk
[2009/10/24 20:04:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steven\Desktop\HJTInstall.exe
[2009/10/24 19:14:58 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTS.exe
[2009/10/24 17:11:44 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/24 16:31:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/24 16:07:48 | 03,352,189 | R--- | M] () -- C:\Documents and Settings\Steven\Desktop\ComboFix.exe
[2009/10/24 16:01:49 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Steven\Desktop\ATF-Cleaner.exe
[2009/10/24 10:08:05 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Dxirocukali.dat
[2009/10/24 00:28:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Mcocusovo.bin
[2009/10/21 22:19:37 | 27,170,820 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Bryce485Squat.mpg
[2009/10/21 20:22:07 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\fwpg5f68.exe
[2009/10/21 08:49:27 | 00,004,371 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/20 23:17:02 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Machine Design Project.doc
[2009/10/20 23:00:01 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Steven\Desktop\setup-spybotsd162.exe
[2009/10/20 22:59:35 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME%203227%2009%20Project#1%20Idea%20gen%20fa08.doc
[2009/10/19 16:30:39 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME%203217%20Syllabus.doc
[2009/10/18 21:08:29 | 01,295,360 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation Jeff.ppt
[2009/10/18 19:48:10 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Project Approach.doc
[2009/10/18 17:35:08 | 01,296,896 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation.ppt
[2009/10/17 14:59:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 01:41:58 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
[2009/10/17 01:41:58 | 00,000,003 | ---- | M] () -- C:\WINDOWS\wp3.dat
[2009/10/17 01:18:06 | 00,287,232 | ---- | M] () -- C:\WINDOWS\svohost.exe.XXX
[2009/10/17 01:17:54 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/17 01:17:38 | 00,000,000 | ---- | M] () -- C:\vwj.exe
[2009/10/14 20:46:01 | 00,000,157 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/10/14 14:51:56 | 00,050,176 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\531calc_ORIGINALv3.xls
[2009/10/12 22:18:40 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/12 21:40:35 | 00,019,210 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\megan-fox-fhm.jpg
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/06 16:33:54 | 30,663,450 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000273.AVI
[2009/10/06 16:21:34 | 47,019,012 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000272.AVI
[2009/10/06 16:18:20 | 07,767,528 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000271.AVI
[9 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Steven\Desktop\*.tmp files -> C:\Documents and Settings\Steven\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 00:25:00 | 77,116,2550 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\dwp_audrey_bitoni02-sd169.wmv
[2009/10/30 17:57:16 | 00,484,707 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Miami-Heat-2010-Widescreen-Wallpaper.jpg
[2009/10/30 17:56:35 | 00,188,055 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Kevin-Durant-Wallpaper-001.jpg
[2009/10/30 17:55:51 | 00,177,418 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Heat-Wallpaper.jpg
[2009/10/30 17:55:31 | 00,297,834 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Burning-Wallpaper.jpg
[2009/10/30 17:54:50 | 00,224,080 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Dunk-Wallpaper.jpg
[2009/10/30 17:52:24 | 00,291,189 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper2.jpg
[2009/10/30 17:52:17 | 00,291,189 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper.jpg
[2009/10/30 17:51:50 | 00,125,667 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\NBA_miami_heat_1.jpg
[2009/10/30 17:50:39 | 00,064,245 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\miami-heat-team-logo.jpg
[2009/10/28 22:59:12 | 06,763,383 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Timbaland-Say_Something_(Feat._Drake)(CDQ)-HIF.mp3
[2009/10/28 22:57:34 | 04,406,409 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\07-lil__wayne-break_up__feat._short_dawg_and_gudda_gudda_-hif.mp3
[2009/10/28 22:57:15 | 04,770,628 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\08-lil__wayne-banned_from_tv-hif.mp3
[2009/10/28 22:56:50 | 04,203,371 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\DJ_Khaled-Fed_Up_(Feat._Usher,_Young_Jeezy,_Rick_Ross,_And_Drake)(Prod._By_The_Runners)(Dirty)-HIF.mp3
[2009/10/28 22:56:08 | 05,774,656 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\08-50_cent-stretch-hif.mp3
[2009/10/28 22:55:40 | 05,496,474 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\02-50_cent-then_day_went_by-hif.mp3
[2009/10/28 22:55:19 | 06,566,045 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\05-50_cent-psycho_(feat._eminem)-hif.mp3
[2009/10/28 22:54:53 | 05,129,284 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\04-50_cent-so_disrespectful-hif.mp3
[2009/10/28 15:39:54 | 37,016,1722 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Sons.of.Anarchy.S02E08.HDTV.XviD-XII.avi
[2009/10/28 11:52:09 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/28 11:52:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/25 18:05:23 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\avenger.zip
[2009/10/25 17:43:26 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME Test II Covers.doc
[2009/10/24 20:25:15 | 00,003,914 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Attach.rar
[2009/10/24 20:21:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\dds.scr
[2009/10/24 20:05:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\HijackThis.lnk
[2009/10/24 17:11:44 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/24 16:13:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/24 16:12:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/24 16:09:19 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/24 16:09:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/24 16:09:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/24 16:09:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/24 14:34:38 | 03,352,189 | R--- | C] () -- C:\Documents and Settings\Steven\Desktop\ComboFix.exe
[2009/10/21 22:18:11 | 27,170,820 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Bryce485Squat.mpg
[2009/10/21 20:22:18 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\fwpg5f68.exe
[2009/10/20 23:17:02 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Machine Design Project.doc
[2009/10/19 16:30:48 | 00,129,536 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME%203217%20Syllabus.doc
[2009/10/19 16:29:58 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME%203227%2009%20Project#1%20Idea%20gen%20fa08.doc
[2009/10/18 19:56:05 | 01,295,360 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation Jeff.ppt
[2009/10/18 09:49:40 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Project Approach.doc
[2009/10/18 09:49:35 | 01,296,896 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation.ppt
[2009/10/17 22:55:04 | 30,663,450 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000273.AVI
[2009/10/17 22:54:57 | 47,019,012 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000272.AVI
[2009/10/17 22:54:56 | 07,767,528 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000271.AVI
[2009/10/17 13:46:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 01:18:06 | 00,287,232 | ---- | C] () -- C:\WINDOWS\svohost.exe.XXX
[2009/10/17 01:18:06 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
[2009/10/17 01:18:06 | 00,000,003 | ---- | C] () -- C:\WINDOWS\wp3.dat
[2009/10/17 01:17:54 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/17 01:14:23 | 00,000,000 | ---- | C] () -- C:\vwj.exe
[2009/10/12 21:40:35 | 00,019,210 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\megan-fox-fhm.jpg
[2008/10/01 21:41:06 | 00,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2008/09/24 17:15:09 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/07/04 13:32:20 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/07/04 13:32:20 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/07/04 13:32:20 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/07/04 13:32:20 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/01/16 17:07:41 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/10/26 15:53:18 | 00,000,141 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2007/10/17 14:22:06 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/17 14:22:06 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/17 14:22:06 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/17 14:22:06 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/17 14:22:06 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/17 14:22:05 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/15 12:37:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sas.INI
[2007/03/13 20:11:28 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4064FE9C83.sys
[2007/01/10 15:30:19 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/12/13 19:54:09 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/29 12:30:09 | 00,043,048 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/06 11:03:36 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\fusioncache.dat
[2006/09/16 16:39:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/30 18:28:25 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\PFP120JPR.{PB
[2006/08/30 18:28:25 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\PFP120JCM.{PB
[2006/08/18 16:46:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/07 19:10:22 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/02 14:38:33 | 00,108,816 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/02 14:37:37 | 00,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/02 14:37:37 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\839CFE6440.sys
[2006/08/01 15:31:20 | 00,003,435 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/01 14:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Steven\Application Data\desktop.ini
[2006/08/01 14:52:17 | 05,834,780 | -H-- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\IconCache.db
[2006/07/26 21:05:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/25 05:21:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/25 05:14:16 | 00,004,371 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/25 04:59:39 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/07/25 04:58:19 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/07/25 04:57:55 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/25 04:33:47 | 01,355,938 | ---- | C] () -- C:\WINDOWS\System32\ctmbha.dll.ego
[2006/07/25 04:33:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/25 04:31:41 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/21 05:33:40 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 01:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 16:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,813 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 12:51:16 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\2bfus66giyi.sys
[2002/10/15 17:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/04/15 13:41:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/01/28 14:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2006/07/25 04:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2007/10/17 14:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/02/20 19:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/17 14:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/01 00:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/17 14:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/18 16:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/13 19:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\acccore
[2006/08/06 22:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Aim
[2006/11/18 22:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Azureus
[2008/04/15 13:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Canon
[2007/03/13 20:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Corel
[2006/08/02 14:38:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Corel Photo Album
[2006/10/06 11:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\CyberLink
[2008/09/24 16:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\DAEMON Tools
[2008/04/20 14:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Eltima Software
[2009/08/21 09:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\ICAClient
[2006/07/25 04:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Intel
[2008/02/09 14:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Intuit
[2006/10/21 15:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Leadertech
[2008/09/24 17:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\MathWorks
[2009/04/18 13:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Move Networks
[2007/05/20 00:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Opera
[2007/08/11 16:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\SCT
[2008/07/04 13:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Simply Super Software
[2007/12/09 00:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\SopCast
[2006/09/26 20:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\StudyMinder
[2009/10/28 20:03:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Tor
[2007/10/17 14:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Ulead Systems
[2009/10/28 15:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\uTorrent
[2009/10/28 16:36:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Vidalia
[2007/01/11 11:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Viewpoint
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/28 09:05:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
--------------------------------------------------------------
EXTRAS:
OTL Extras logfile created on: 11/1/2009 12:01:32 PM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 382.28 Mb Available Physical Memory | 37.69% Memory free
2.88 Gb Paging File | 1.93 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 2032 4064 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.35 Gb Total Space | 0.15 Gb Free Space | 0.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 788.61 Gb Free Space | 84.68% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8118:TCP" = 8118:TCP:*:Enabled:Torrent3
"9050:TCP" = 9050:TCP:*:Enabled:torrent4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe" = C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns -- (LucasArts Entertainment Company LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Steven\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Steven\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\MATLAB7\bin\win32\MATLAB.exe" = C:\MATLAB7\bin\win32\MATLAB.exe:*:Enabled:MATLAB 7.0 -- (The MathWorks Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe" = C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe:*:Enabled:WLKeeper -- (Intel Corporation)
"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe:*:Enabled:S24EvMon -- (Intel Corporation )
"C:\Program Files\Alwil Software\Avast4\ashServ.exe" = C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ -- (ALWIL Software)
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\Program Files\Dell\QuickSet\NicConfigSvc.exe" = C:\Program Files\Dell\QuickSet\NicConfigSvc.exe:*:Enabled:NICCONFIGSVC -- (Dell Inc.)
"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe:*:Enabled:RegSrvc -- (Intel Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0314ED3D-26A7-4F62-86A2-6B23353445E8}" = Star Wars Galactic Battlegrounds: Clone Campaigns
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP90" = Canon iP90
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{2C42ED1E-6315-4E63-89E6-057EA114EBB8}" = MetaFrame Presentation Server Client
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{347C930F-02F4-4A5C-94D0-5548ADF3486B}" = Live Link 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner (remove only)
"DC++" = DC++ 0.698
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"E0814F95-5380-4892-B8C8-7FA4B349EF46" = Chuzzle Deluxe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"LimeWire" = LimeWire 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14" = MATLAB Family of Products Release 14
"McAfee Uninstall Utility" = McAfee Uninstaller
"MediaCoder" = MediaCoder 0.6.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MP4 Converter" = MP4 Converter
"myPowerHour_is1" = myPowerHour 1.2
"Network Play System (Patching)" = Network Play System (Patching)
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SopCast" = SopCast 2.0.4
"SopCore" = SopCore 1.1.2
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.0.32
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"uTorrent" = µTorrent
"VCast Music Essentials Manager" = V CAST Music Manager
"Vidalia" = Vidalia 0.1.15
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"VobSub" = VobSub v2.23 (Remove Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.82
"WM Recorder 11.2" = WM Recorder 11.2
"WMFDist11" = Windows Media Format 11 runtime
"Worms Armageddon" = Worms Armageddon
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"YouTube Downloader 3000_is1" = YouTube Downloader 3000 ver. 1.0.1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



GMER REPORT
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-01 12:49:33
Windows 5.1.2600 Service Pack 2
Running: 8y97o0in.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA1466B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA146574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA146A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA14614C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA14664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA14608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA1460F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA14676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA14672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA1468AE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF739C380]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3012] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 3260531D C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[964] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[964] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2356] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3108] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 012DF770
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 012DFAA0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 012E1030
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 012DDB70
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 012D94C0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 012DAA00
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 012DB750
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 012DFF60
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 012E1020
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 012DB860
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 012DDC80
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 012DDAD0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 012DD930
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 012DCA70
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 012DD200
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 012DCEB0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 012DD630
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 012E1040
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 012DB9C0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 012DBCF0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 012DC020
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 012DC190
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 012DC270
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 012DC120
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 012E0CD0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 012E09C0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 012D94C0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 012DAA00
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 012DDB70
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 012DB750
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 012DAD30
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 012DCEB0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 012DFEA0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 012DFEE0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 012E1020
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 012DFAA0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 012DDAD0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 012DC270
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 012DB400
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 012DBCF0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 012E15A0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 012DD200
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 012DD930
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 012DE560
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 012DE040
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 012DE4E0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 012DF000
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 012DE6D0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 012DB0B0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 012DC120
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 012DFFC0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 012DE180
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 012DDA70
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 012DD630
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 012DDC80
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 012E1040
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 012DDF80
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 012E12E0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 012E1280
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 012E14D0
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 012E1570
IAT C:\Program Files\DAP\DAP.EXE[5064] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 012E13A0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F738F9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [F738F9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [F738F9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F738F9F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----


---- Files - GMER 1.0.15 ----

File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Estimation\setEstimInfo.m 915 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Estimation\simget.m 234 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Estimation\simset.m 303 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Estimation\simulate.m 690 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Estimation\update.m 3551 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Experiment 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Experiment\initialize.m 477 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Experiment\schema.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@FrequencyData 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@FrequencyExperiment 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@IOData 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@Parameter 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@State 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@StateData 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\display.m 1126 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\schema.m 514 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\select.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\SteadyStateData.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\update.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateData\verify.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\copy.m 703 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\display.m 1648 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\schema.m 2745 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\SteadyStateExperiment.m 929 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\update.m 7723 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@SteadyStateExperiment\verify.m 74 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\copy.m 623 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\display.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\getPortHandles.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\schema.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\TransientExperiment.m 938 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\update.m 7725 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\@TransientExperiment\verify.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\copy.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\estimate.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\Estimation.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\findpar.m 548 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\hiliteBlock.m 198 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\initpar.m 281 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\optimget.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\optimset.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\Parameter.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\schema.m 559 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\select.m 290 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\simget.m 236 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\simset.m 232 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\State.m 529 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\StateData.m 469 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\TransientData.m 712 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\TransientExperiment.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@ParameterEstimator\update.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\estimCleanup.m 575 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\estimSetup.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\estimUpdate.m 578 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\evalError.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\evalJacobian.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\getCurrentResponse.m 1013 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\getCurrentResponseG.m 1135 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\getCurrentState.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\getCurrentStateG.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\getSimTime.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\logSetup.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\object2struct.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\schema.m 1473 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\@simulator\simulator.m 351 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@simulator\schema.m 247 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@OptimOptions 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@OptimOptions\display.m 212 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@OptimOptions\getSettings.m 309 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@OptimOptions\initialize.m 532 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@OptimOptions\schema.m 3367 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@SimOptions 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@SimOptions\display.m 212 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@SimOptions\getSettings.m 280 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@SimOptions\initialize.m 516 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\@SimOptions\schema.m 2741 bytes
File C:\MATLAB7\toolbox\slestim\slestim\@speoptions\schema.m 217 bytes
File C:\MATLAB7\toolbox\slestim\slestim\a_lookup.bmp 7048 bytes
File C:\MATLAB7\toolbox\slestim\slestim\Contents.m 2369 bytes
File C:\MATLAB7\toolbox\slestim\slestim\info.xml 1476 bytes
File C:\MATLAB7\toolbox\slestim\slestim\ja 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\ja\info.xml 1459 bytes
File C:\MATLAB7\toolbox\slestim\slestim\lookupnd_stair_fit.m 2528 bytes
File C:\MATLAB7\toolbox\slestim\slestim\matlab2java.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\slblocks.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\speblocks.mdl 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\spehelp.m 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\speherr.html 948 bytes
File C:\MATLAB7\toolbox\slestim\slestim\spelib.mdl 4457 bytes
File C:\MATLAB7\toolbox\slestim\slestim\spelookup.mdl 0 bytes
File C:\MATLAB7\toolbox\slestim\slestim\spetool.m 579 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\lqg_demo.html 468 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pendulum_demo.mdl 37702 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtune_demo.mdl 27271 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\Contents.m 1124 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\demos.html 4075 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\demos.xml 3033 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\distillation_demo.html 413 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\distillation_demo.mat 4272 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\distillation_demo.mdl 42001 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\heatex_demo.html 487 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\heatex_demo.mat 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\heatex_demo.mdl 29328 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\ja 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\ja\demos.xml 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\lqg_demo.mat 5936 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\lqg_demo.mdl 29313 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\maglev_demo.html 461 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\maglev_demo.mat 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\maglev_demo.mdl 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\missile_demo.html 391 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\missile_demo.mat 24952 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\missile_demo.mdl 65090 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pendulum_demo.html 604 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pendulum_demo.mat 5288 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\phaselock_demo.html 359 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\phaselock_demo.mat 4720 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\phaselock_demo.mdl 42137 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtrack_demo.html 384 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtrack_demo.mat 13136 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtrack_demo.mdl 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtune_demo.html 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pidtune_demo.mat 4504 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pitchrate_demo.html 438 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pitchrate_demo.mat 4384 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\pitchrate_demo.mdl 25326 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\power_demo.html 368 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\power_demo.mat 3456 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\power_demo.mdl 46219 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\rmsdemo.mdl 13113 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\servo_demo.html 419 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\servo_demo.mat 25648 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\servo_demo.mdl 124646 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\srotut1.mdl 17437 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\srotut1_dat.m 67 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\srotut2.mdl 25354 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\srotut2_dat.mat 1296 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\stewart_demo.mat 13336 bytes
File C:\MATLAB7\toolbox\sloptim\sloptdemos\stewart_demo.mdl 120988 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@GridSetForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@GridSetForm\addpar.m 274 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@GridSetForm\evalForm.m 600 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@GridSetForm\schema.m 521 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@OptimOptionForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@OptimOptionForm\evalForm.m 1626 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@OptimOptionForm\schema.m 671 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\build.m 7310 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\ParameterDialog.m 879 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\schema.m 617 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\selectdlg.m 6154 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\showParam.m 1069 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterDialog\updateList.m 389 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterForm\evalForm.m 1252 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterForm\ParameterForm.m 457 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ParameterForm\schema.m 1199 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectForm\getUncertainParams.m 350 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectForm\schema.m 2145 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectManager 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectManager\ProjectManager.m 291 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@ProjectManager\schema.m 571 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@RandSetForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@RandSetForm\addpar.m 391 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@RandSetForm\evalForm.m 842 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@RandSetForm\schema.m 613 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\addProjectListeners.m 1310 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\figmenus.m 8355 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\getSignalName.m 503 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\iterdlg.m 1525 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\load.m 866 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\loadfrom.m 5770 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\optdlg.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\optimize.m 2431 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\pardlg.m 1701 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\save.m 1265 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\saveas.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\schema.m 967 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\SignalConstraintDialog.m 2220 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\targetEditor.m 3412 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\toolbar.m 2745 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintDialog\uncdlg.m 1040 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\addGoalSelectors.m 2190 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\addmenus.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\addShowMenus.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\clearplot.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\drawconstr.m 5217 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\edit.m 704 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\editconstr.m 5761 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\getaxes.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\initialize.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\LineBDF.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\PropEditor.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\redo.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\refplot.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\scaledlg.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\schema.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\setDataTipMode.m 734 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\SignalConstraintEditor.m 817 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\simplot.m 2332 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\specdlg.m 12457 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\SurfBDF.m 10416 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\traceplot.m 2386 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\undo.m 315 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\update.m 202 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SignalConstraintEditor\updatelims.m 1198 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\copy.m 382 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\evalForm.m 966 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\getSimInterval.m 239 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\getTunableParams.m 1647 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\getTunedVarNames.m 408 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\init.m 1701 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\load.m 2372 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\loadNCDStruct.m 4823 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\renameBlock.m 537 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\renameModel.m 368 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\save.m 349 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\schema.m 839 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\setTunedParams.m 604 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimProjectForm\showCurrentResponse.m 1133 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\addblock.m 883 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\copy.m 653 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\evalForm.m 2242 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\findspec.m 346 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\getPortDims.m 942 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\getSimInterval.m 1331 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\rmblock.m 269 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@SimTestForm\schema.m 1384 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\build.m 11904 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\schema.m 748 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\selectdlg.m 5519 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\UncertaintyDialog.m 830 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\update.m 1105 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncertaintyDialog\updateTable.m 1645 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncSetForm 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncSetForm\rmpar.m 261 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\@UncSetForm\schema.m 1007 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\@srogui\schema.m 201 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utAssignParams.m 1630 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utEvalModelVar.m 468 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utEvalParams.m 875 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utFindParams.m 458 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utFindProject.m 1423 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utGetLastError.m 268 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utGetSimInterval.m 632 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utLoadProject.m 1142 bytes
File C:\MATLAB7\toolbox\sloptim\sloptguis\utSROCopyFcn.m 1381 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fmincon 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fmincon\fmincon.m 1100 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fmincon\minimize.m 3728 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fmincon\schema.m 248 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fmincon\showIter.m 2568 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fminsearch 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fminsearch\fminsearch.m 788 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fminsearch\minimize.m 4294 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fminsearch\schema.m 254 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@fminsearch\showIter.m 2663 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\evalconstr.m 492 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\evalconstrG.m 514 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\evalcost.m 477 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\evalcostG.m 506 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\initialize.m 569 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\numgrad.m 1123 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\par2var.m 946 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\postMessage.m 296 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\schema.m 540 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\simgrad.m 914 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\slackgrad.m 765 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\syncProject.m 887 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\var2par.m 494 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Optimizer\var2parG.m 2112 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@OptimOptions 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@OptimOptions\display.m 168 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@OptimOptions\schema.m 2200 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Parameter 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Parameter\display.m 329 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Parameter\Parameter.m 439 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Parameter\schema.m 573 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@ParamSet 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@patternsearch 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@Project 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\cleanup.m 812 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\display.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\dispose.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\evalconstr.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\evalcost.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\getAsymtoteConstraint.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\getEdgeMotionConstraint.m 1745 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\getSimTime.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\getVertexMotionConstraint.m 2914 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\getYMotionConstraint.m 1907 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\hasConstraint.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\hasCost.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\init.m 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\isvalid.m 1804 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\scale.m 315 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\schema.m 1413 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\split.m 978 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SignalConstraint\stepspec.m 2735 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject 0 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\assignin.m 610 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\checkSettings.m 908 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\copy.m 389 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\display.m 372 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\evalin.m 308 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\findconstr.m 476 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\findpar.m 378 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\initpar.m 367 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\logRestore.m 559 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\logSave.m 760 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\makeGradient.m 362 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\optimget.m 200 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\optimize.m 2906 bytes
File C:\MATLAB7\toolbox\sloptim\sloptim\@ResponseOptimizer\@SimProject\optimset.m 278 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:07 PM

Posted 01 November 2009 - 02:27 PM

First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then Download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Go to Start > Run and then copy/paste in this (including the quotes): "%userprofile%\desktop\kahdah.exe" -killall
  • Follow the prompts
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.


#6 mustang0222

mustang0222
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:07 PM

Posted 01 November 2009 - 02:57 PM

Here's the ComboFix log, thanks for the help!
ComboFix 09-10-30.01 - Steven 11/01/2009 14:44.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.603 [GMT -5:00]
Running from: c:\documents and settings\Steven\desktop\kahdah.exe
Command switches used :: -killall
AV: avast! antivirus 4.8.1335 [VPS 091101-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 17:07 . 2009-11-01 17:07 291328 ----a-w- C:\8y97o0in.exe
2009-10-26 04:08 . 2009-10-26 04:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 14:25 . 2009-10-25 15:02 -------- d-----w- c:\documents and settings\Steven\DoctorWeb
2009-10-25 01:05 . 2009-10-25 01:05 -------- d-----w- c:\program files\Trend Micro
2009-10-24 22:11 . 2009-10-24 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 21:28 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-24 21:28 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-17 19:59 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 19:59 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 18:54 . 2009-10-17 18:54 -------- d-----w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com
2009-10-17 18:54 . 2009-10-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 18:34 . 2009-10-17 18:34 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Xenocode
2009-10-17 18:30 . 2009-10-17 18:30 -------- d-----w- c:\program files\Yahoo!
2009-10-17 06:41 . 2009-10-17 06:41 -------- d-----w- C:\_OTM
2009-10-17 06:18 . 2009-10-17 06:41 58 ----a-w- c:\windows\wp4.dat
2009-10-17 06:18 . 2009-10-17 06:41 3 ----a-w- c:\windows\wp3.dat
2009-10-17 06:14 . 2009-10-17 06:17 0 ----a-w- C:\vwj.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 05:24 . 2008-03-16 22:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 04:57 . 2006-10-08 17:24 -------- d-----w- c:\program files\DC++
2009-10-29 01:03 . 2007-04-03 04:35 -------- d-----w- c:\documents and settings\Steven\Application Data\Tor
2009-10-28 21:36 . 2007-04-03 04:35 -------- d-----w- c:\documents and settings\Steven\Application Data\Vidalia
2009-10-28 20:57 . 2006-11-19 03:10 -------- d-----w- c:\documents and settings\Steven\Application Data\uTorrent
2009-10-26 04:07 . 2006-07-25 09:51 -------- d-----w- c:\program files\Java
2009-10-25 21:13 . 2008-12-18 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 22:11 . 2008-06-26 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-24 15:08 . 2009-04-11 03:26 120 ----a-w- c:\windows\Dxirocukali.dat
2009-10-24 05:28 . 2009-04-11 03:26 0 ----a-w- c:\windows\Mcocusovo.bin
2009-10-21 05:17 . 2008-12-17 23:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-17 19:59 . 2008-12-19 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 18:45 . 2008-12-19 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-10-17 18:26 . 2008-12-19 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3
2009-10-14 07:09 . 2006-09-12 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-03 20:56 . 2007-04-03 04:35 -------- d-----w- c:\program files\Vidalia
2009-09-25 05:49 . 2004-08-10 17:51 668672 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:48 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:03 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 17:38 . 2006-08-02 19:38 108816 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2004-08-10 18:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 18:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-10 18:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-10 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 17:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 18:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-08-30 20:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-08-30 20:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-10 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2004-08-10 17:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-04 03:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2008-12-19 16:26 . 2006-08-01 20:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 16:26 . 2006-08-01 20:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 16:26 . 2007-05-02 16:21 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 16:26 . 2007-05-02 16:21 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 16:26 . 2006-08-01 20:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-02-21 04:17 . 2004-02-21 04:17 20752 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2004-02-21 04:17 . 2004-02-21 04:17 69904 ----a-w- c:\program files\opera\program\plugins\CgpCore.dll
2004-02-21 04:17 . 2004-02-21 04:17 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2004-02-21 04:17 . 2004-02-21 04:17 24848 ----a-w- c:\program files\opera\program\plugins\PScript.dll
2004-02-21 04:17 . 2004-02-21 04:17 57616 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2004-02-21 04:17 . 2004-02-21 04:17 24848 ----a-w- c:\program files\opera\program\plugins\TcpPServ.dll
2007-10-11 00:21 . 2007-03-14 01:11 56 --sh--r- c:\windows\system32\4064FE9C83.sys
2006-10-02 12:15 . 2006-08-02 19:37 88 --sh--r- c:\windows\system32\839CFE6440.sys
2007-10-11 20:12 . 2006-08-02 19:37 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-24_21.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 19:40 . 2009-11-01 19:40 16384 c:\windows\Temp\Perflib_Perfdata_a0.dat
+ 2009-10-29 14:20 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-29 14:20 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-10 17:51 . 2009-10-24 21:35 72978 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-11-01 19:46 72978 c:\windows\system32\perfc009.dat
+ 2004-08-10 18:02 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 18:02 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 17:50 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-08-01 19:47 . 2009-11-01 17:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-01 19:47 . 2009-10-24 21:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-01 19:47 . 2009-10-24 21:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-01 19:47 . 2009-11-01 17:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-01 19:47 . 2009-10-24 21:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-08-01 19:47 . 2009-11-01 17:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-24 22:11 . 2009-10-24 22:11 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-24 22:11 . 2009-10-24 22:11 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-24 22:11 . 2009-10-24 22:11 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2004-08-10 17:51 . 2009-10-24 21:35 445938 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2009-11-01 19:46 445938 c:\windows\system32\perfh009.dat
+ 2009-10-26 04:08 . 2009-10-26 04:07 149280 c:\windows\system32\javaws.exe
+ 2009-10-26 04:08 . 2009-10-26 04:07 145184 c:\windows\system32\javaw.exe
+ 2009-10-26 04:08 . 2009-10-26 04:07 145184 c:\windows\system32\java.exe
+ 2004-08-10 18:02 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 18:02 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 18:02 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-10 18:02 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-26 04:07 . 2009-10-26 04:07 1757696 c:\windows\Installer\42402.msi
+ 2009-10-24 22:11 . 2009-10-24 22:11 1583616 c:\windows\Installer\262ae2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Vidalia"="c:\program files\Vidalia\vidalia.exe" [2009-07-12 5113430]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Steven\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-1-16 951640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-25 24576]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Steven\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=3 (0x3)
"McDetect.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Steven\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\MATLAB7\\bin\\win32\\MATLAB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\WLKEEPER.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Dell\\QuickSet\\NicConfigSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8118:TCP"= 8118:TCP:Torrent3
"9050:TCP"= 9050:TCP:torrent4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/10/2009 10:17 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2009 10:17 PM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 12:37 PM 13088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/18/2007 4:00 PM 24652]
S0 dkal;dkal;c:\windows\system32\drivers\uyicl.sys --> c:\windows\system32\drivers\uyicl.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 1dt6n1oz3dv.sys;1dt6n1oz3dv.sys;\??\c:\windows\system32\drivers\1dt6n1oz3dv.sys --> c:\windows\system32\drivers\1dt6n1oz3dv.sys [?]
S2 2bfus66giyi.sys;2bfus66giyi.sys;c:\windows\system32\drivers\2bfus66giyi.sys [8/10/2004 12:51 PM 79872]
S2 bxsayzbie6l.sys;bxsayzbie6l.sys;\??\c:\windows\system32\drivers\bxsayzbie6l.sys --> c:\windows\system32\drivers\bxsayzbie6l.sys [?]
S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 SASENUM;SASENUM;\??\c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Steven\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (STEVE-Steven).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-07-25 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 14:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-01 14:55
ComboFix-quarantined-files.txt 2009-11-01 19:55
ComboFix2.txt 2009-10-24 21:43

Pre-Run: 134,668,288 bytes free
Post-Run: 229,687,296 bytes free

- - End Of File - - 774CF963AC8E9FC99538357228F035FB

#7 mustang0222


Posted 01 November 2009 - 03:20 PM

Wow... it seems as though the redirect issues have disappeared so far. Funny that I ran combofix once before and it didn't do anything for it, was atapi.sys the issue? Are there any other problems you see?

Also, my safe mode doesn't work, stops at mup.sys then goes to a blank blue screen... is that just an issue that would require reinstalling windows?

Edited by mustang0222, 01 November 2009 - 03:28 PM.


#8 kahdah


Posted 01 November 2009 - 04:44 PM

Combofix is not to be used by the general public unless advised.
But to answer your question it is because this is a relatively new infection and Combofix has been updated for it.
Yes there is still more to do as some of the infection is still present.
McAfee I would reinstall yes.
================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/10/17 01:18:06 | 00,287,232 | ---- | C] () -- C:\WINDOWS\svohost.exe.XXX
    [2009/10/17 01:18:06 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
    [2009/10/17 01:18:06 | 00,000,003 | ---- | C] () -- C:\WINDOWS\wp3.dat
    [2009/10/17 01:17:54 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
    [2009/10/17 01:14:23 | 00,000,000 | ---- | C] () -- C:\vwj.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#9 mustang0222


Posted 01 November 2009 - 10:42 PM

Here are the logs
All processes killed
========== OTL ==========
C:\WINDOWS\svohost.exe.XXX moved successfully.
C:\WINDOWS\wp4.dat moved successfully.
C:\WINDOWS\wp3.dat moved successfully.
C:\WINDOWS\system32\wwp.htm moved successfully.
C:\vwj.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 67 bytes
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\Cache\49D97188d01 deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\Cache\_CACHE_001_ deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\Cache\_CACHE_002_ deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\Cache\_CACHE_003_ deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\XPC.mfl deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\fac66qoc.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 2513871 bytes

User: LocalService
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65716 bytes
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 32902 bytes
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\Cache\_CACHE_001_ deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\Cache\_CACHE_002_ deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\Cache\_CACHE_003_ deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\XPC.mfl deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\rrcxnn7l.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 2551787 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Steven
C:\Documents and Settings\Steven\Local Settings\Temp\jusched.log deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temp\~DF8D04.tmp deleted successfully.
->Temp folder emptied: 17095 bytes
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.Word\~WRF{52AB58D4-29D5-4868-ADFD-3D86D8ECD5E4}.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.Word\~WRS{00E59DA3-C9A4-4716-B3F1-F43640458ABE}.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.Word\~WRS{BFC41CC3-E9E3-4B5A-9972-9BF83AC9AB7C}.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\index.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 445853 bytes
->Java cache emptied: 33244170 bytes
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\Cache\_CACHE_001_ deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\Cache\_CACHE_002_ deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\Cache\_CACHE_003_ deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\XPC.mfl deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 5898095 bytes
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx deleted successfully.
C:\Documents and Settings\Steven\Local Settings\Application Data\Opera\Opera\Profile\opcache\dcache4.url deleted successfully.

->Opera cache emptied: 35395089 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET44F.tmp deleted successfully.
C:\WINDOWS\System32\SET451.tmp deleted successfully.
C:\WINDOWS\System32\SET452.tmp deleted successfully.
C:\WINDOWS\System32\SET45E.tmp deleted successfully.
C:\WINDOWS\System32\SET461.tmp deleted successfully.
C:\WINDOWS\System32\SET46B.tmp deleted successfully.
C:\WINDOWS\System32\setb7.tmp deleted successfully.
%systemroot%\System32 .tmp files removed: 9836049 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_98.dat scheduled to be deleted on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_a0.dat deleted successfully.
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.86 mb


OTL by OldTimer - Version 3.1.1.8 log created on 11012009_195835

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_98.dat moved successfully.

Registry entries deleted on Reboot...
---------------------------------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 2

11/1/2009 9:11:42 PM
mbam-log-2009-11-01 (21-11-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 306242
Time elapsed: 1 hour(s), 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTL\MovedFiles\11012009_195835\C_WINDOWS\svohost.exe.XXX (Trojan.FakeAlert) -> Quarantined and deleted successfully.
--------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b7553f6bd186ab40b792341177f97ff2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-11-02 03:32:12
# local_time=2009-11-01 10:32:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 98 0 192491990 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=188636
# found=5
# cleaned=5
# scan_time=3896
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 9AD011C7BF8A744AF13995C23F239B03 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.XXX.vir Win32/Adware.WinAntiVirus application (deleted - quarantined) 4F32D29EB54FD647F75C3047367FE415 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.XXX.vir Win32/Adware.WinAntiVirus application (cleaned by deleting - quarantined) 4DBD2D35AFE87A4D8D81E17624E34A8D C
C:\Qoobox\Quarantine\C\WINDOWS\system32\AdMUxyxx.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 8AC065DE5E012761C864ECEB694C77CF C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.OYU trojan (cleaned by deleting - quarantined) 64564CAD834B100D7887080A01506681 C


Thanks again

#10 kahdah

  • Security Colleague

Posted 02 November 2009 - 07:57 AM

You are welcome :(
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 mustang0222

  • Topic Starter


Posted 02 November 2009 - 09:56 AM

Here it is...
OTL logfile created on: 11/2/2009 9:36:57 AM - Run 2
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 549.29 Mb Available Physical Memory | 54.15% Memory free
2.88 Gb Paging File | 2.45 Gb Available in Paging File | 84.96% Paging File free
Paging file location(s): C:\pagefile.sys 2032 4064 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.35 Gb Total Space | 0.27 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Vidalia\vidalia.exe ()
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Program Files\AIM6\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
SRV - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
SRV - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
SRV - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - C:\WINDOWS\system32\drivers\2bfus66giyi.sys ()
DRV - C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee)
DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Steven\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/25 23:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2009/08/19 18:40:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2009/10/25 23:08:13 | 00,000,000 | ---D | M]

[2007/08/01 06:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\videodowloader@videodownloader.net
[2009/02/07 18:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\moveplayer@movenetworks.com
[2008/12/17 17:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/22 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/08/13 21:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/01 15:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions
[2009/11/01 15:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions
[2009/08/13 21:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/22 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/12/17 17:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/07 18:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\moveplayer@movenetworks.com
[2007/08/01 06:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\459y8u5w.default\extensions\videodowloader@videodownloader.net
[2008/03/28 15:22:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/10/25 23:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2008/12/19 11:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/01 15:06:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 15:06:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/19 11:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/25 23:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2008/03/28 15:22:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/19 11:26:03 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/19 11:26:03 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/19 11:26:03 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/19 11:26:03 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/19 11:26:03 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/25 23:07:57 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/07/11 14:48:13 | 00,528,896 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/07/28 20:23:31 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/12/19 11:26:05 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/02/29 11:37:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/03/10 00:16:52 | 00,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2007/03/10 00:16:52 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2007/03/10 00:16:52 | 00,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2007/03/10 00:16:52 | 00,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2007/03/10 00:16:52 | 00,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2007/03/10 00:16:52 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\Steven\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Steven\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 21:25:26 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/01 19:58:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/01 14:32:42 | 00,000,000 | ---D | C] -- C:\kahdah
[2009/11/01 11:59:11 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2009/10/27 14:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\GooredFix Backups
[2009/10/27 14:28:15 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Steven\Desktop\GooredFix.exe
[2009/10/25 23:16:42 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Steven\Desktop\RootRepeal.exe
[2009/10/25 23:08:13 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/25 23:08:13 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 23:08:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 23:08:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 23:08:13 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 22:25:51 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steven\Desktop\jre-6u16-windows-i586.exe
[2009/10/25 16:44:43 | 08,067,224 | ---- | C] (Mozilla) -- C:\Documents and Settings\Steven\Desktop\Firefox Setup 3.5.3.exe
[2009/10/25 09:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\DoctorWeb
[2009/10/25 09:19:46 | 19,507,376 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Steven\Desktop\2mj4ug6r.exe
[2009/10/24 20:05:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/24 20:05:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steven\Desktop\HJTInstall.exe
[2009/10/24 19:14:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTS.exe
[2009/10/24 17:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/24 17:02:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Steven\Recent
[2009/10/24 16:28:05 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/24 16:28:05 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/24 16:12:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/24 16:09:19 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/24 16:09:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/24 16:09:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/24 16:09:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/24 16:09:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/24 16:06:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/24 16:01:47 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Steven\Desktop\ATF-Cleaner.exe
[2009/10/20 22:59:24 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Steven\Desktop\setup-spybotsd162.exe
[2009/10/17 22:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Senior Design Project
[2009/10/17 22:47:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Comp Mechanics
[2009/10/17 22:47:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Resumes
[2009/10/17 22:47:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Metal Cutting
[2009/10/17 22:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Desktop\Recovery
[2009/10/17 14:59:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/17 14:59:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/17 13:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Application Data\SUPERAntiSpyware.com
[2009/10/17 13:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/17 13:34:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steven\Local Settings\Application Data\Xenocode
[2009/10/17 13:30:09 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/17 01:41:59 | 00,000,000 | ---D | C] -- C:\_OTM
[9 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Steven\Desktop\*.tmp files -> C:\Documents and Settings\Steven\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/01 21:13:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 21:13:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 21:13:19 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 21:12:27 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Steven\NTUSER.DAT
[2009/11/01 21:12:27 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steven\ntuser.ini
[2009/11/01 20:07:01 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:07:01 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:07:01 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 14:53:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/01 14:28:47 | 03,430,299 | R--- | M] () -- C:\Documents and Settings\Steven\Desktop\kahdah.exe
[2009/11/01 12:07:41 | 00,291,328 | ---- | M] () -- C:\8y97o0in.exe
[2009/11/01 11:59:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTL.exe
[2009/11/01 02:23:32 | 77,116,2550 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\dwp_audrey_bitoni02-sd169.wmv
[2009/11/01 01:07:07 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/30 17:57:17 | 00,484,707 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Miami-Heat-2010-Widescreen-Wallpaper.jpg
[2009/10/30 17:56:35 | 00,188,055 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Kevin-Durant-Wallpaper-001.jpg
[2009/10/30 17:55:51 | 00,177,418 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Heat-Wallpaper.jpg
[2009/10/30 17:55:31 | 00,297,834 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Burning-Wallpaper.jpg
[2009/10/30 17:54:51 | 00,224,080 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Dunk-Wallpaper.jpg
[2009/10/30 17:52:24 | 00,291,189 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper2.jpg
[2009/10/30 17:52:17 | 00,291,189 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper.jpg
[2009/10/30 17:51:50 | 00,125,667 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\NBA_miami_heat_1.jpg
[2009/10/30 17:50:39 | 00,064,245 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\miami-heat-team-logo.jpg
[2009/10/28 23:00:12 | 01,675,264 | ---- | M] () -- C:\WINDOWS\MEDB.mdb
[2009/10/28 22:59:21 | 06,763,383 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Timbaland-Say_Something_(Feat._Drake)(CDQ)-HIF.mp3
[2009/10/28 22:57:36 | 04,406,409 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\07-lil__wayne-break_up__feat._short_dawg_and_gudda_gudda_-hif.mp3
[2009/10/28 22:57:18 | 04,770,628 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\08-lil__wayne-banned_from_tv-hif.mp3
[2009/10/28 22:56:56 | 04,203,371 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\DJ_Khaled-Fed_Up_(Feat._Usher,_Young_Jeezy,_Rick_Ross,_And_Drake)(Prod._By_The_Runners)(Dirty)-HIF.mp3
[2009/10/28 22:56:16 | 05,774,656 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\08-50_cent-stretch-hif.mp3
[2009/10/28 22:55:48 | 05,496,474 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\02-50_cent-then_day_went_by-hif.mp3
[2009/10/28 22:55:29 | 06,566,045 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\05-50_cent-psycho_(feat._eminem)-hif.mp3
[2009/10/28 22:54:59 | 05,129,284 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\04-50_cent-so_disrespectful-hif.mp3
[2009/10/28 15:56:48 | 37,016,1722 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Sons.of.Anarchy.S02E08.HDTV.XviD-XII.avi
[2009/10/27 14:28:10 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Steven\Desktop\GooredFix.exe
[2009/10/25 23:16:27 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Steven\Desktop\RootRepeal.exe
[2009/10/25 23:07:56 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/25 23:07:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/25 23:07:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/25 23:07:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/25 23:07:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/25 22:24:32 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steven\Desktop\jre-6u16-windows-i586.exe
[2009/10/25 18:05:19 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\avenger.zip
[2009/10/25 17:43:26 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME Test II Covers.doc
[2009/10/25 16:44:43 | 08,067,224 | ---- | M] (Mozilla) -- C:\Documents and Settings\Steven\Desktop\Firefox Setup 3.5.3.exe
[2009/10/25 16:13:31 | 00,000,813 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/25 16:13:31 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/25 16:04:36 | 00,100,448 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/10/25 16:03:08 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (STEVE-Steven).job
[2009/10/25 09:23:37 | 19,507,376 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Steven\Desktop\2mj4ug6r.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 20:25:23 | 00,003,914 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Attach.rar
[2009/10/24 20:21:23 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\dds.scr
[2009/10/24 20:05:27 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\HijackThis.lnk
[2009/10/24 20:04:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steven\Desktop\HJTInstall.exe
[2009/10/24 19:14:58 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\Desktop\OTS.exe
[2009/10/24 17:11:44 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/24 16:31:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/24 16:07:48 | 03,352,189 | R--- | M] () -- C:\Documents and Settings\Steven\Desktop\ComboFix.exe
[2009/10/24 16:01:49 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Steven\Desktop\ATF-Cleaner.exe
[2009/10/24 10:08:05 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Dxirocukali.dat
[2009/10/24 00:28:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Mcocusovo.bin
[2009/10/21 22:19:37 | 27,170,820 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Bryce485Squat.mpg
[2009/10/21 20:22:07 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\fwpg5f68.exe
[2009/10/21 08:49:27 | 00,004,371 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/20 23:17:02 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Machine Design Project.doc
[2009/10/20 23:00:01 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Steven\Desktop\setup-spybotsd162.exe
[2009/10/20 22:59:35 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME%203227%2009%20Project#1%20Idea%20gen%20fa08.doc
[2009/10/19 16:30:39 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\ME%203217%20Syllabus.doc
[2009/10/18 21:08:29 | 01,295,360 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation Jeff.ppt
[2009/10/18 19:48:10 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\Project Approach.doc
[2009/10/18 17:35:08 | 01,296,896 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation.ppt
[2009/10/17 14:59:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 20:46:01 | 00,000,157 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/10/14 14:51:56 | 00,050,176 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\531calc_ORIGINALv3.xls
[2009/10/12 22:18:40 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/12 21:40:35 | 00,019,210 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\megan-fox-fhm.jpg
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/06 16:33:54 | 30,663,450 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000273.AVI
[2009/10/06 16:21:34 | 47,019,012 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000272.AVI
[2009/10/06 16:18:20 | 07,767,528 | ---- | M] () -- C:\Documents and Settings\Steven\Desktop\S5000271.AVI
[9 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Steven\Desktop\*.tmp files -> C:\Documents and Settings\Steven\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 14:32:57 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/01 14:29:15 | 03,430,299 | R--- | C] () -- C:\Documents and Settings\Steven\Desktop\kahdah.exe
[2009/11/01 12:07:50 | 00,291,328 | ---- | C] () -- C:\8y97o0in.exe
[2009/11/01 00:25:00 | 77,116,2550 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\dwp_audrey_bitoni02-sd169.wmv
[2009/10/30 17:57:16 | 00,484,707 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Miami-Heat-2010-Widescreen-Wallpaper.jpg
[2009/10/30 17:56:35 | 00,188,055 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Kevin-Durant-Wallpaper-001.jpg
[2009/10/30 17:55:51 | 00,177,418 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Heat-Wallpaper.jpg
[2009/10/30 17:55:31 | 00,297,834 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Burning-Wallpaper.jpg
[2009/10/30 17:54:50 | 00,224,080 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Dwyane-Wade-Dunk-Wallpaper.jpg
[2009/10/30 17:52:24 | 00,291,189 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper2.jpg
[2009/10/30 17:52:17 | 00,291,189 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\We-Are-All-Witnesses-LeBron-Wallpaper.jpg
[2009/10/30 17:51:50 | 00,125,667 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\NBA_miami_heat_1.jpg
[2009/10/30 17:50:39 | 00,064,245 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\miami-heat-team-logo.jpg
[2009/10/28 22:59:12 | 06,763,383 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Timbaland-Say_Something_(Feat._Drake)(CDQ)-HIF.mp3
[2009/10/28 22:57:34 | 04,406,409 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\07-lil__wayne-break_up__feat._short_dawg_and_gudda_gudda_-hif.mp3
[2009/10/28 22:57:15 | 04,770,628 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\08-lil__wayne-banned_from_tv-hif.mp3
[2009/10/28 22:56:50 | 04,203,371 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\DJ_Khaled-Fed_Up_(Feat._Usher,_Young_Jeezy,_Rick_Ross,_And_Drake)(Prod._By_The_Runners)(Dirty)-HIF.mp3
[2009/10/28 22:56:08 | 05,774,656 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\08-50_cent-stretch-hif.mp3
[2009/10/28 22:55:40 | 05,496,474 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\02-50_cent-then_day_went_by-hif.mp3
[2009/10/28 22:55:19 | 06,566,045 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\05-50_cent-psycho_(feat._eminem)-hif.mp3
[2009/10/28 22:54:53 | 05,129,284 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\04-50_cent-so_disrespectful-hif.mp3
[2009/10/28 15:39:54 | 37,016,1722 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Sons.of.Anarchy.S02E08.HDTV.XviD-XII.avi
[2009/10/25 18:05:23 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\avenger.zip
[2009/10/25 17:43:26 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME Test II Covers.doc
[2009/10/24 20:25:15 | 00,003,914 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Attach.rar
[2009/10/24 20:21:24 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\dds.scr
[2009/10/24 20:05:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\HijackThis.lnk
[2009/10/24 17:11:44 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/24 16:13:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/24 16:12:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/24 16:09:19 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/24 16:09:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/24 16:09:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/24 16:09:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/24 14:34:38 | 03,352,189 | R--- | C] () -- C:\Documents and Settings\Steven\Desktop\ComboFix.exe
[2009/10/21 22:18:11 | 27,170,820 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Bryce485Squat.mpg
[2009/10/21 20:22:18 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\fwpg5f68.exe
[2009/10/20 23:17:02 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Machine Design Project.doc
[2009/10/19 16:30:48 | 00,129,536 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME%203217%20Syllabus.doc
[2009/10/19 16:29:58 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\ME%203227%2009%20Project#1%20Idea%20gen%20fa08.doc
[2009/10/18 19:56:05 | 01,295,360 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation Jeff.ppt
[2009/10/18 09:49:40 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\Project Approach.doc
[2009/10/18 09:49:35 | 01,296,896 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\10-19-09 Oral Presentation.ppt
[2009/10/17 22:55:04 | 30,663,450 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000273.AVI
[2009/10/17 22:54:57 | 47,019,012 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000272.AVI
[2009/10/17 22:54:56 | 07,767,528 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\S5000271.AVI
[2009/10/17 13:46:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/12 21:40:35 | 00,019,210 | ---- | C] () -- C:\Documents and Settings\Steven\Desktop\megan-fox-fhm.jpg
[2008/10/01 21:41:06 | 00,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2008/09/24 17:15:09 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/07/04 13:32:20 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/07/04 13:32:20 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/07/04 13:32:20 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/07/04 13:32:20 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/01/16 17:07:41 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/10/26 15:53:18 | 00,000,141 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2007/10/17 14:22:06 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/17 14:22:06 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/17 14:22:06 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/17 14:22:06 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/17 14:22:06 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/17 14:22:05 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/15 12:37:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sas.INI
[2007/03/13 20:11:28 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4064FE9C83.sys
[2007/01/10 15:30:19 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/12/13 19:54:09 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/29 12:30:09 | 00,043,048 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/06 11:03:36 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\fusioncache.dat
[2006/09/16 16:39:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/30 18:28:25 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\PFP120JPR.{PB
[2006/08/30 18:28:25 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Steven\Application Data\PFP120JCM.{PB
[2006/08/18 16:46:21 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/07 19:10:22 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/02 14:38:33 | 00,108,816 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/08/02 14:37:37 | 00,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/02 14:37:37 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\839CFE6440.sys
[2006/08/01 15:31:20 | 00,003,435 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/01 14:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Steven\Application Data\desktop.ini
[2006/08/01 14:52:17 | 05,834,780 | -H-- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\IconCache.db
[2006/07/26 21:05:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/25 05:21:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/25 05:14:16 | 00,004,371 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/25 04:59:39 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/07/25 04:58:19 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/07/25 04:57:55 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/25 04:33:47 | 01,355,938 | ---- | C] () -- C:\WINDOWS\System32\ctmbha.dll.ego
[2006/07/25 04:33:24 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/25 04:31:41 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/21 05:33:40 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/10 01:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 16:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,813 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 12:51:16 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\2bfus66giyi.sys
[2002/10/15 17:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >

#12 mustang0222


Posted 02 November 2009 - 10:32 AM

You sir are a freakin champ... browser redirections seemed to have stopped and safe mode finally works.. how's the log looking?

#13 kahdah


Posted 02 November 2009 - 01:47 PM

:( I am glad it is running good.
Your log is clean.

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - Is a tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire etc...
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#14 mustang0222


Posted 02 November 2009 - 04:25 PM

kahdah, thanks so much for the help you put in to clean out my comp... I'm so glad to get it running smoothly again and error free, couldn't have done it without ya... I appreciate the help, thanks again

#15 kahdah


Posted 02 November 2009 - 06:48 PM

You are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



