
Infected with the "Double Click" virus/cookie/ad-ware worm


  • This topic is locked
12 replies to this topic

#1 Reddhaze781

  • Members
  • 5 posts

Posted 09 January 2010 - 03:52 PM

Hey Guys, although I normally have to double-click to open a file or folder, sometimes a single click opens files/folders/e-mail. It is very inconsistent, sometimes requiring two clicks as normal, but sometimes requiring only one click.

Also, when I'm using a web browser and I hit the back/forward button, etc..., the rapid clicks take me many pages back/forward. It's as if my pointer is exceedingly sensitive. Mini advertisements also pop up as I scroll across certain highlighted words.

Another symptom is that when I try to capture text by holding down the mouse right-click button, it sometimes captures the text, but sometimes refuses to, or will capture only a small part of the text. This occurs on web pages, but is even worse trying to capture text in this message I'm typing right now.

After doing some research around the web, I've come to believe that the problem revolves around some type of advert cookie or worm that feeds you advertisements based off what you click...but you guys are the experts so I'll leave all that to you.

Thanks in advance, very much...


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 14:40:54.25 on Sat 01/09/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.734 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\1155139980\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\AOL\1155139980\EE\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CDisplay\CDISPLAY.EXE
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oN7sc-J3cYqSaYalOBoXhpFgf5M
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {808af6fc-a293-3bda-b474-6febc4199d48}: {84d9914c-bef6-474b-adb3-392acf6fa808} - c:\windows\system32\vatqss.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Power2GoExpress] NA
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\progra~1\micros~3\wcescomm.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [system tool] c:\windows\sysguard.exe
uRun: [Google Update] "c:\documents and settings\owner.your-dc3e0b8f38\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] zHotkey.exe
mRun: [HostManager] c:\program files\common files\aol\1155139980\ee\AOLSoftware.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Daemon Tools] c:\windows\system32\daemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: connwsp.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGyywWN - hgGyywWN.dll
AppInit_DLLs: Google\GOOGLE~1\GOEC62~1.DLL vatqss.dll c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\yivenare.dll c:\windows\system32\yutevaro.dll c:\windows\system32\winufame.dll c:\windows\system32\wusimofi.dll c:\windows\system32\gekujedo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wusimofi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\wusimofi.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyywuTj
LSA: Notification Packages =
Hosts: 82.98.231.89 browser-security.microsoft.com
Hosts: 82.98.231.89 best-click-scanner.info
Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\dr0r1046.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\owner.your-dc3e0b8f38\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\owner.your-dc3e0b8f38\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\owner.your-dc3e0b8f38\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-22 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-22 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-22 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-22 360584]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-8-9 80640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-22 285392]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-8-9 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-8-9 122368]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-9 30152]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe --> c:\progra~1\mcafee.com\vso\mcshield.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-12-22 16512]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-8-9 245760]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2010-01-01 21:29:28 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-01 21:28:36 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-22 16:15:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 16:15:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 16:15:09 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-22 16:15:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 16:14:56 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-21 08:43:03 0 d--h--w- C:\$AVG
2009-12-21 08:42:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2010-01-09 18:35:55 32306 ----a-w- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-02-14 20:41:27 428 --sha-w- c:\windows\system32\jTuwyyxx.ini2
2008-12-15 18:31:32 939245 --sha-w- c:\windows\system32\wEghknpo.ini2

============= FINISH: 14:41:30.96 ===============



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts

Posted 15 January 2010 - 05:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 20 January 2010 - 04:15 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti


Posted 21 February 2010 - 04:03 AM

Topic reopened, please post your logs.

regards myrti



#5 Reddhaze781


Posted 22 February 2010 - 11:44 AM

A few days ago, before I completely scrolled down and saw that this thread was closed, I downloaded the OTL software and ran the scan and, upon seeing that it was closed, deleted the logs like a moron. I ran the program again, but this time there were two OTL.txt files that popped up and no Extra.txt. I uninstalled the OTL software and tried running it again to see if that would correct anything, but it didn't. So here are the two OTL.txt files that popped up. Thanks again.

OTL logfile created on: 2/22/2010 11:30:40 AM - Run 5
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.53 Gb Total Space | 17.17 Gb Free Space | 7.54% Space Free | Partition Type: NTFS
Drive D: | 5.34 Gb Total Space | 3.40 Gb Free Space | 63.67% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-DC3E0B8F38
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/22 11:29:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\OTL.exe
PRC - [2010/02/20 19:48:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/01 17:36:56 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/22 11:14:48 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/22 11:14:46 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/22 11:14:46 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/22 11:14:45 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/22 11:14:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/30 21:14:51 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/08 20:09:42 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 00:54:42 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/07 14:48:10 | 007,779,640 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock\flock.exe
PRC - [2008/09/19 16:34:20 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1155139980\EE\aolsoftware.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1155139980\EE\AOLDesktop.exe
PRC - [2008/06/05 17:13:38 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/01/09 04:44:20 | 006,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/12 08:27:51 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/27 08:42:48 | 000,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/08/09 11:15:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/09 11:00:52 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/08/09 11:00:52 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/08/09 11:00:52 | 000,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/06/23 11:33:02 | 000,438,359 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\SmartBridge\MotiveSB.exe
PRC - [2006/06/20 21:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/06/20 21:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/03/16 02:23:28 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/03/16 02:07:30 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2006/03/14 04:01:40 | 016,010,752 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/10/11 14:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/18 10:32:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/08/24 18:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/05/24 13:23:38 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/05/24 13:22:06 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/22 11:29:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/08/02 11:04:10 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\SmartBridge\SBHook.dll
MOD - [2005/09/18 10:32:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/18 10:32:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MskService)
SRV - File not found [Auto | Stopped] -- -- (McShield)
SRV - [2009/12/22 11:14:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/08 20:09:30 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/12 18:56:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/06/03 07:21:37 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/01/26 06:25:52 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/08/09 11:15:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/09/18 10:32:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/24 18:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/07/01 21:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/05/24 13:23:38 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/22 11:15:09 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/22 11:15:09 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/12/22 11:15:04 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/22 11:15:02 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/28 10:50:46 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/10 17:29:22 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/10 17:29:22 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/10 17:29:22 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/12/14 17:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/27 10:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/28 20:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/10/10 11:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/05 13:10:23 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 13:10:23 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/16 00:24:06 | 004,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/11/03 19:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/10/20 20:47:05 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/09/18 10:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/29 04:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 04:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 19:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 08:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 08:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/03/17 14:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5228
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5228
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\S-1-5-21-3822415513-905766359-4020809710-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\S-1-5-21-3822415513-905766359-4020809710-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/01 16:28:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/01 16:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2009/09/13 14:45:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2009/05/30 08:12:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 19:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 19:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/13 14:44:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/01/09 22:32:30 | 000,000,000 | ---D | M]

[2008/09/05 08:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Extensions
[2010/02/20 19:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions
[2009/08/14 17:55:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/25 19:21:24 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2008/08/24 20:49:38 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/05/23 23:44:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/03/21 17:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/30 21:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\max@subfighter.com
[2009/01/27 13:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\extensions\moveplayer@movenetworks(2).com
[2008/01/08 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\vxulmrzq.default\extensions
[2008/01/08 16:52:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\vxulmrzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/02/20 19:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/04/13 18:05:58 | 000,000,546 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? spyware-protector-2009.com
O1 - Hosts: ??????????????? www.spyware-protector-2009.com
O1 - Hosts: ??????????????? secure.spyware-protector-2009.com
O1 - Hosts: ??????????????? knocker
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {84d9914c-bef6-474b-adb3-392acf6fa808} - C:\WINDOWS\System32\vatqss.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Daemon Tools] C:\WINDOWS\System32\daemon.exe File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155139980\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe File not found
O4 - HKLM..\Run: [VSOCheckTask] C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [Google Update] C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006..\Run: [system tool] C:\WINDOWS\sysguard.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O4 - Startup: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/04/17 11:53:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/04/17 11:53:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/04/17 11:53:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/04/17 11:53:41 | 000,000,000 | ---D | M]
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3822415513-905766359-4020809710-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (vatqss.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\yivenare.dll) - C:\WINDOWS\System32\yivenare.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yutevaro.dll) - C:\WINDOWS\System32\yutevaro.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\winufame.dll) - C:\WINDOWS\System32\winufame.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wusimofi.dll) - C:\WINDOWS\System32\wusimofi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\gekujedo.dll) - C:\WINDOWS\System32\gekujedo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\hgGyywWN: DllName - hgGyywWN.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\wusimofi.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\wusimofi.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyywuTj) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f7e6734b-27be-11db-b115-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e6734b-27be-11db-b115-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 11:29:32 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\OTL.exe
[2010/02/20 16:14:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/20 16:14:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/20 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/20 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/20 16:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/02/20 08:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/20 08:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Adobe
[2010/02/20 06:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Adobe
[2010/01/24 00:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\09F01Supplementary Materials
[2008/09/03 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/15 02:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/07/20 00:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2007/12/01 07:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/02/20 20:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Netscape
[2006/11/01 14:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/10/31 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/10/31 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/10/30 20:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2032/04/15 08:45:00 | 000,824,277 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\S5000652.JPG
[2010/02/22 11:29:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\OTL.exe
[2010/02/22 11:19:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3822415513-905766359-4020809710-1006UA.job
[2010/02/22 11:16:01 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Conversation Essay First Draft - McGee.wps
[2010/02/22 11:16:01 | 000,042,078 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
[2010/02/22 11:05:32 | 000,012,172 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulReadingsFeb23notes.doc
[2010/02/22 11:05:05 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulReadingsFeb23notes.wps
[2010/02/22 11:04:22 | 000,005,614 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 5 - McGee.doc
[2010/02/22 11:04:13 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 5 - McGee.wps
[2010/02/22 09:29:36 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Essay 2.21.2010 II.doc
[2010/02/22 08:44:27 | 056,090,215 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/22 02:26:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 01:51:44 | 001,642,071 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9492exp.jpg
[2010/02/22 01:15:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\prvlcl.dat
[2010/02/22 00:29:49 | 001,690,235 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\EvelynHigginbotham-RethinkingVernacularCulture.pdf
[2010/02/21 22:57:43 | 002,858,808 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9441.JPG
[2010/02/21 22:57:42 | 002,883,730 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9492.JPG
[2010/02/21 22:51:51 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\ConversationLensSources.wps
[2010/02/21 22:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3822415513-905766359-4020809710-1006Core.job
[2010/02/21 12:26:15 | 000,348,128 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/02/21 09:14:40 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 18:13:09 | 000,001,146 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 18:12:20 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/20 18:12:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/20 18:11:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/20 18:11:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/20 18:11:21 | 2012,794,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 18:10:30 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\ntuser.dat
[2010/02/20 18:10:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\ntuser.ini
[2010/02/19 21:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/19 16:40:39 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Lens Essay First Draft - McGee.wps
[2010/02/19 14:13:13 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 4 - EMcGee.wps
[2010/02/19 14:12:59 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response #3.wps
[2010/02/18 01:04:10 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 3.2 - McGee.wps
[2010/02/18 01:04:00 | 000,002,702 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 3.2 - McGee.doc
[2010/02/17 23:57:04 | 000,013,269 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 4 - McGee.doc
[2010/02/17 23:56:47 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 4 - McGee.wps
[2010/02/17 09:02:41 | 003,196,044 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Appiah_-_The_Case_for_Contamination.pdf
[2010/02/17 09:02:16 | 000,125,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Gans_-_Race_As_Class.pdf
[2010/02/17 09:02:10 | 001,723,489 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Spivak_-_Politics_and_the_Imagination.pdf
[2010/02/16 04:31:00 | 000,004,116 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 2 - Homework 3.1 - McGee.doc
[2010/02/16 04:30:52 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 2 - Homework 3.1 - McGee.wps
[2010/02/15 20:40:40 | 000,013,740 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 4 Notes.doc
[2010/02/15 15:18:27 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Kwame Anthony Appiah(2).doc
[2010/02/15 11:00:09 | 000,004,939 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse4-EMcGee.doc
[2010/02/14 20:52:13 | 001,109,326 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\9152.ch01.pdf
[2010/02/14 20:52:07 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Kwame Anthony Appiah.doc
[2010/02/11 22:19:47 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Google Chrome.lnk
[2010/02/11 07:58:21 | 000,016,989 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssaySupplements.doc
[2010/02/11 07:57:04 | 000,018,116 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_2_-_McGee.doc
[2010/02/11 07:56:50 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_2_-_McGee.wps
[2010/02/11 07:51:31 | 000,006,643 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 2 - McGee.doc
[2010/02/11 07:51:23 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 2 - McGee.wps
[2010/02/11 02:16:17 | 001,992,745 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Ehrenreich_-_Maid_to_Order.pdf
[2010/02/09 07:25:16 | 000,030,694 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SweatShopSublimeNotes.doc
[2010/02/09 07:25:07 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SweatShopSublimeNotes.wps
[2010/02/09 07:21:32 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 1 - McGee.wps
[2010/02/09 07:19:19 | 000,006,491 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 1 - McGee.doc
[2010/02/08 22:19:10 | 000,032,097 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlRelPopCul3-9-10-Notes.doc
[2010/02/08 22:18:54 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlRelPopCul3-9-10-Notes.wps
[2010/02/08 10:51:58 | 000,006,571 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse3-McGee.doc
[2010/02/08 10:51:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse3-McGee.wps
[2010/02/07 22:57:17 | 000,000,389 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/02/07 03:23:37 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulFinal Project.wps
[2010/02/07 01:00:47 | 001,608,020 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\JosefSorett-AfricanAmericanReligionandPopularCulture.pdf
[2010/02/06 18:22:38 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssayOutline.wps
[2010/02/06 18:22:20 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1_-_McGee.wps
[2010/02/06 18:17:21 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_2_Homework_1.doc
[2010/02/06 18:08:11 | 002,150,892 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\JuanFlores-FromBombatoHipHop.pdf
[2010/02/06 18:06:27 | 006,943,525 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\RichardIton-InSearchoftheBlackFantastic.pdf
[2010/02/06 18:04:55 | 001,863,587 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Robbins_-_The_Sweatshop_Sublime.pdf
[2010/02/06 08:05:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/04 23:59:54 | 000,203,055 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Procrastination workshop Dr Yaniv Phillips.pdf
[2010/02/04 23:54:02 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Cornell Notes template.zip
[2010/02/04 07:18:38 | 000,018,789 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1-5_-_McGee.doc
[2010/02/04 07:18:03 | 000,023,781 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssayOutline.doc
[2010/02/04 07:14:09 | 000,012,340 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AfricanDiaspora2-04-Notes.doc
[2010/02/04 04:52:19 | 002,210,990 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\AFRICA IN THE ISLAMIC WORLD.pdf
[2010/02/04 04:52:09 | 001,064,902 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\PRECOLONIAL AFRICAN PHILOSOPHY IN ARABIC.pdf
[2010/02/04 04:52:01 | 000,869,087 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\ISLAM IN AFRICA.pdf
[2010/02/02 22:14:38 | 000,023,972 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1_-_McGee.doc
[2010/01/30 21:18:03 | 000,024,130 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\TheDarkKnight.doc
[2010/01/30 21:17:52 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\TheDarkKnight.wps
[2010/01/30 07:15:21 | 000,097,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/29 22:24:40 | 000,052,805 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 1-Homework 3-McGee.doc
[2010/01/29 20:12:36 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SuperheroStuff.wps
[2010/01/28 08:12:25 | 000,006,196 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.doc
[2010/01/28 08:12:12 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.doc.uob
[2010/01/28 07:51:27 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.wps
[2010/01/28 00:57:33 | 027,486,673 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\X-Men - World's Apart 02 (of 04) (2009) (Minutemen-Zone).cbr
[2010/01/25 23:12:02 | 000,003,674 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 2-McGee.doc
[2010/01/25 10:56:18 | 000,009,906 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RelBlackPopExtraCredit.doc
[2010/01/25 10:56:02 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RelBlackPopExtraCredit.wps
[2010/01/25 10:37:49 | 000,003,467 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\EvanMcGeeCriticalResponseWk1.doc
[2010/01/24 23:24:15 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\UniversityWritingHomework2.wps
[2010/01/24 00:27:00 | 001,022,944 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\COL66VG5650.pdf
[2010/01/24 00:06:16 | 005,105,852 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Re_ Readings for MONDAY _TAKE II.zip
[2010/01/23 15:50:05 | 000,004,843 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 1-McGee.doc
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 11:05:32 | 000,012,172 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulReadingsFeb23notes.doc
[2010/02/22 11:05:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulReadingsFeb23notes.wps
[2010/02/22 11:04:22 | 000,005,614 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 5 - McGee.doc
[2010/02/22 09:36:50 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 5 - McGee.wps
[2010/02/22 09:29:41 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Essay 2.21.2010 II.doc
[2010/02/22 01:51:38 | 001,642,071 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9492exp.jpg
[2010/02/22 00:39:45 | 001,329,201 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\0807855308.pdf
[2010/02/22 00:29:49 | 001,690,235 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\EvelynHigginbotham-RethinkingVernacularCulture.pdf
[2010/02/21 22:57:16 | 002,858,808 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9441.JPG
[2010/02/21 22:57:10 | 002,883,730 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\IMG_9492.JPG
[2010/02/20 19:24:45 | 000,011,636 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Large.jpg
[2010/02/20 19:24:45 | 000,010,763 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{499E6EB2-7773-4A4B-BEDF-E50FA55C77B3}_Large.jpg
[2010/02/20 19:24:45 | 000,009,593 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{665AB820-9CEE-4F6B-B07F-8755BA71118E}_Large.jpg
[2010/02/20 19:24:45 | 000,008,089 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{57D0A4E2-7D81-4A3D-B658-29194985768F}_Large.jpg
[2010/02/20 19:24:45 | 000,007,947 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{8E6ED529-6653-41E0-8D69-E3565F175001}_Large.jpg
[2010/02/20 19:24:45 | 000,003,247 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{26BF40C0-F92B-42D7-82A9-5EE9D2B8B507}_Large.jpg
[2010/02/20 19:24:45 | 000,002,891 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Small.jpg
[2010/02/20 19:24:45 | 000,002,625 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{499E6EB2-7773-4A4B-BEDF-E50FA55C77B3}_Small.jpg
[2010/02/20 19:24:45 | 000,002,614 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{665AB820-9CEE-4F6B-B07F-8755BA71118E}_Small.jpg
[2010/02/20 19:24:45 | 000,002,416 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{57D0A4E2-7D81-4A3D-B658-29194985768F}_Small.jpg
[2010/02/20 19:24:45 | 000,001,163 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AlbumArt_{26BF40C0-F92B-42D7-82A9-5EE9D2B8B507}_Small.jpg
[2010/02/19 16:40:51 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Conversation Essay First Draft - McGee.wps
[2010/02/19 12:39:45 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Lens Essay First Draft - McGee.wps
[2010/02/18 23:30:44 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 4 - EMcGee.wps
[2010/02/18 01:35:03 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response #3.wps
[2010/02/17 23:57:52 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\ConversationLensSources.wps
[2010/02/17 23:57:04 | 000,013,269 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 4 - McGee.doc
[2010/02/17 19:34:04 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 4 - McGee.wps
[2010/02/17 09:02:25 | 003,196,044 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Appiah_-_The_Case_for_Contamination.pdf
[2010/02/17 09:02:17 | 000,125,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Gans_-_Race_As_Class.pdf
[2010/02/17 09:02:07 | 001,723,489 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Spivak_-_Politics_and_the_Imagination.pdf
[2010/02/16 07:10:45 | 000,002,702 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 3.2 - McGee.doc
[2010/02/16 07:10:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 3.2 - McGee.wps
[2010/02/16 04:31:00 | 000,004,116 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 2 - Homework 3.1 - McGee.doc
[2010/02/16 04:28:03 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 2 - Homework 3.1 - McGee.wps
[2010/02/15 20:40:40 | 000,013,740 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Critical Response 4 Notes.doc
[2010/02/15 15:18:29 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Kwame Anthony Appiah(2).doc
[2010/02/15 11:00:09 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse4-EMcGee.doc
[2010/02/14 20:52:10 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Kwame Anthony Appiah.doc
[2010/02/14 20:51:47 | 001,109,326 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\9152.ch01.pdf
[2010/02/11 07:58:21 | 000,016,989 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssaySupplements.doc
[2010/02/11 07:57:04 | 000,018,116 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_2_-_McGee.doc
[2010/02/11 07:51:31 | 000,006,643 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 2 - McGee.doc
[2010/02/11 04:21:18 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 2 - McGee.wps
[2010/02/11 02:16:11 | 001,992,745 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Ehrenreich_-_Maid_to_Order.pdf
[2010/02/10 06:15:05 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_2_-_McGee.wps
[2010/02/09 07:25:15 | 000,030,694 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SweatShopSublimeNotes.doc
[2010/02/09 07:19:19 | 000,006,491 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 1 - McGee.doc
[2010/02/08 22:19:10 | 000,032,097 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlRelPopCul3-9-10-Notes.doc
[2010/02/08 10:51:58 | 000,006,571 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse3-McGee.doc
[2010/02/07 03:24:49 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 2 - Homework 1 - McGee.wps
[2010/02/07 03:24:17 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlRelPopCul3-9-10-Notes.wps
[2010/02/07 03:23:37 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\BlkRelPopCulFinal Project.wps
[2010/02/07 03:23:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\CriticalResponse3-McGee.wps
[2010/02/07 01:00:46 | 001,608,020 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\JosefSorett-AfricanAmericanReligionandPopularCulture.pdf
[2010/02/06 19:43:23 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SweatShopSublimeNotes.wps
[2010/02/06 18:17:23 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_2_Homework_1.doc
[2010/02/06 18:06:38 | 002,150,892 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\JuanFlores-FromBombatoHipHop.pdf
[2010/02/06 18:06:30 | 006,943,525 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\RichardIton-InSearchoftheBlackFantastic.pdf
[2010/02/06 18:04:54 | 001,863,587 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Robbins_-_The_Sweatshop_Sublime.pdf
[2010/02/04 23:59:57 | 000,203,055 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Procrastination workshop Dr Yaniv Phillips.pdf
[2010/02/04 23:54:06 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Cornell Notes template.zip
[2010/02/04 07:18:38 | 000,018,789 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1-5_-_McGee.doc
[2010/02/04 07:18:02 | 000,023,781 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssayOutline.doc
[2010/02/04 07:14:09 | 000,012,340 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\AfricanDiaspora2-04-Notes.doc
[2010/02/04 04:52:12 | 002,210,990 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\AFRICA IN THE ISLAMIC WORLD.pdf
[2010/02/04 04:52:06 | 001,064,902 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\PRECOLONIAL AFRICAN PHILOSOPHY IN ARABIC.pdf
[2010/02/04 04:52:01 | 000,869,087 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\ISLAM IN AFRICA.pdf
[2010/02/02 22:21:45 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1_-_McGee.wps
[2010/02/02 22:15:03 | 000,023,972 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit_1_-_Lens_Essay_Draft_1_-_McGee.doc
[2010/01/30 21:18:02 | 000,024,130 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\TheDarkKnight.doc
[2010/01/30 06:28:34 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\LensEssayOutline.wps
[2010/01/29 22:24:47 | 000,052,805 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Unit 1-Homework 3-McGee.doc
[2010/01/29 20:12:36 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\SuperheroStuff.wps
[2010/01/29 12:03:04 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\TheDarkKnight.wps
[2010/01/28 08:12:25 | 000,006,196 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.doc
[2010/01/28 08:11:59 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.doc.uob
[2010/01/28 07:50:17 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 3-McGee.wps
[2010/01/25 22:39:11 | 000,003,674 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Unit 1-Homework 2-McGee.doc
[2010/01/25 10:56:18 | 000,009,906 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RelBlackPopExtraCredit.doc
[2010/01/25 10:37:49 | 000,003,467 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\EvanMcGeeCriticalResponseWk1.doc
[2010/01/24 20:40:04 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\UniversityWritingHomework2.wps
[2010/01/24 18:50:53 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\RelBlackPopExtraCredit.wps
[2010/01/24 00:26:57 | 001,022,944 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\COL66VG5650.pdf
[2010/01/24 00:05:48 | 005,105,852 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\Re_ Readings for MONDAY _TAKE II.zip
[2010/01/10 22:17:27 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/09 23:10:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/22 18:00:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\prvlcl.dat
[2009/06/09 20:21:53 | 000,000,341 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/06/09 20:21:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/06/09 20:21:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/04/14 07:35:48 | 001,403,647 | -HS- | C] () -- C:\WINDOWS\System32\apedutop.ini
[2009/04/13 19:31:42 | 001,403,647 | -HS- | C] () -- C:\WINDOWS\System32\utagayud.ini
[2009/04/13 18:50:41 | 001,403,647 | -HS- | C] () -- C:\WINDOWS\System32\uhirovez.ini
[2009/04/13 18:28:04 | 001,403,647 | -HS- | C] () -- C:\WINDOWS\System32\owojozup.ini
[2009/04/13 18:05:27 | 001,403,647 | -HS- | C] () -- C:\WINDOWS\System32\omufufuf.ini
[2009/04/13 05:45:44 | 001,417,378 | -HS- | C] () -- C:\WINDOWS\System32\ekipepor.ini
[2009/02/14 13:11:46 | 000,030,326 | -HS- | C] () -- C:\WINDOWS\System32\jTuwyyxx.ini
[2009/02/14 13:11:46 | 000,000,428 | -HS- | C] () -- C:\WINDOWS\System32\jTuwyyxx.ini2
[2008/12/15 10:17:22 | 000,698,486 | -HS- | C] () -- C:\WINDOWS\System32\ugtjgcsy.ini
[2008/12/13 21:14:37 | 000,939,245 | -HS- | C] () -- C:\WINDOWS\System32\wEghknpo.ini2
[2008/12/13 21:14:37 | 000,939,245 | -HS- | C] () -- C:\WINDOWS\System32\wEghknpo.ini
[2008/10/01 06:06:36 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/07/04 02:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/05/21 22:00:42 | 000,027,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/05/21 22:00:42 | 000,015,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/04/28 02:46:48 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/04/28 02:46:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/01/10 15:10:47 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\AVIEncoder.wff
[2007/11/01 16:06:57 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\$_hpcst$.hpc
[2007/10/11 02:20:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/10/10 17:27:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50(2)(2).dll
[2007/06/06 20:06:13 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\YBABEEP.SYS
[2007/06/06 19:39:47 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\IndustrialAudioEditor.ini
[2007/06/06 19:38:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\symbios.sys
[2006/12/13 23:41:29 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/08 04:07:16 | 000,042,078 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
[2006/12/05 14:42:55 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/11/30 00:53:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/04 17:18:43 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2006/11/03 23:21:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/11/03 21:47:31 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/03 21:33:52 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/03 21:33:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 03:58:11 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\fusioncache.dat
[2006/10/30 23:33:48 | 000,000,389 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/10/30 23:33:47 | 000,000,108 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/08/09 11:15:09 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/08/09 11:12:19 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/08/09 11:12:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/08/09 11:12:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/08/09 11:11:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/09 11:06:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 10:38:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/09 10:38:23 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/09 10:38:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/09 10:38:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/09 10:38:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/09 10:38:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 10:38:16 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/27 12:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/11 17:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 000,001,270 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:22 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2006/05/02 17:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 02:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F8C9007
< End of report >

I tried to post the other OTL.txt file but I got an error message saying the thread was too long.

#6 myrti


Posted 22 February 2010 - 04:36 PM

Hi,

you are definitely still infected. But it is totally normal that OTL only produces two logs on the first run. I will ask you to run a scan for the extra.txt when we need it.

For now please run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 Reddhaze781


Posted 28 February 2010 - 02:07 AM

I did exactly as you said and on two separate occasions, in both normal and safe mode, my computer crashed in the middle of the scan. The infection must run deep, so what now? Thanks.

#8 myrti


Posted 01 March 2010 - 10:34 AM

Hi,

please run a scan with rootrepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

As well as a scan with mbr:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti



#9 Reddhaze781


Posted 01 March 2010 - 02:25 PM



Ok, here is the Rootrepeal log.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/01 13:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB67D8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE0E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB257B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\34a60fcc-1953-450e-b902-f797ad3b0e52
Status: Size mismatch (API: 1447764, Raw: 1317204)

Path: c:\$avg\$chjw\c9cee55e-28d8-4138-bcf9-5b9827571cff
Status: Size mismatch (API: 641144, Raw: 445304)

Path: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\sqlite_6Q6PAroXPogxsiI
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\iTunes\iTunes.Resources\de.lproj\iPodSettings.nib\objects.xib
Status: Locked to the Windows API!

==EOF==

And here is the mbr log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !


Thanks!
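The RootRepeal report posted above is plain text with a regular layout, so it can be parsed into records and compared between scans. The following is an added example, not part of the original thread or of RootRepeal itself; the category names (`locked`, `size_mismatch`, `api_only`, `driver_file_not_visible`, `unrecognised`) are labels chosen here, not RootRepeal terms.

```python
import re

# Excerpt of the RootRepeal 1.3.5.0 report posted above (two of its three
# driver entries, three of its five file entries), embedded to run offline.
SAMPLE_REPORT = r"""==================================================
Scan Start Time: 2010/03/01 13:59
Program Version: Version 1.3.5.0
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB67D8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB257B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\34a60fcc-1953-450e-b902-f797ad3b0e52
Status: Size mismatch (API: 1447764, Raw: 1317204)

Path: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\sqlite_6Q6PAroXPogxsiI
Status: Visible to the Windows API, but not on disk.

==EOF==
"""

RULE = re.compile(r"-{5,}")
INLINE = re.compile(r"(Address|Size|File Visible|Signed):\s*")
MISMATCH = re.compile(r"Size mismatch \(API: (\d+), Raw: (\d+)\)")


def _fields(line):
    """Split one report line into {key: value} pairs."""
    if line.startswith("Address:"):  # four fields share this line
        parts = INLINE.split(line)[1:]
        return {k: v.strip() for k, v in zip(parts[0::2], parts[1::2])}
    key, sep, value = line.partition(":")
    return {key.strip(): value.strip()} if sep else {}


def parse_report(text):
    """Return one dict per entry, tagged with the section it appeared under."""
    lines = [raw.strip() for raw in text.splitlines()]
    entries, section, current = [], None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE.fullmatch(nxt):   # a heading is underlined with dashes
            section, current = line, None
        elif not line:                     # a blank line closes the entry
            current = None
        elif section and not RULE.fullmatch(line):
            fields = _fields(line)
            if fields:
                if current is None:
                    current = {"section": section}
                    entries.append(current)
                current.update(fields)
    return entries


def classify(entry):
    """Map an entry to (category, detail) using only status strings seen in this report."""
    status = entry.get("Status", "")
    m = MISMATCH.fullmatch(status)
    if m:
        api, raw = int(m.group(1)), int(m.group(2))
        return "size_mismatch", api - raw  # bytes by which the API size exceeds the raw size
    if status.startswith("Locked to the Windows API"):
        return "locked", None
    if status.startswith("Visible to the Windows API, but not on disk"):
        return "api_only", None
    if entry["section"] == "Drivers" and entry.get("File Visible") == "No":
        return "driver_file_not_visible", entry.get("Image Path")
    return "unrecognised", status          # anything else is left for a human to read


def triage(text):
    """List (section, name-or-path, category, detail) for every entry in the report."""
    return [(e["section"], e.get("Name") or e.get("Path"), *classify(e))
            for e in parse_report(text)]


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row)
```

Header lines before the first section and the `==EOF==` marker are skipped, and any status string the classifier does not recognise is passed through unchanged rather than guessed at.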




#10 myrti


Posted 01 March 2010 - 02:57 PM

Hi,

it seems you are not infected by a rootkit! That's a good thing.

Please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#11 Reddhaze781


Posted 02 March 2010 - 05:26 AM

Here you go! Thanks a lot.


ComboFix 10-03-01.01 - Owner 03/02/2010 5:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1028 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\recycler\S-1-5-21-3184997983-3164463926-2442236481-500
C:\Thumbs.db
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\EventSystem.log
c:\windows\system32\apedutop.ini
c:\windows\system32\ekipepor.ini
c:\windows\system32\jTuwyyxx.ini
c:\windows\system32\jTuwyyxx.ini2
c:\windows\system32\omufufuf.ini
c:\windows\system32\owojozup.ini
c:\windows\system32\twain_32.dll
c:\windows\system32\ugtjgcsy.ini
c:\windows\system32\uhirovez.ini
c:\windows\system32\utagayud.ini
c:\windows\system32\wEghknpo.ini
c:\windows\system32\wEghknpo.ini2
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 08:05 . 2010-03-02 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-02 08:05 . 2010-03-02 08:05 -------- d-----w- c:\program files\MSBuild
2010-03-02 08:05 . 2010-03-02 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-03-02 08:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-02 08:04 . 2010-03-02 08:04 -------- d-----w- C:\c4d11bd77446d096f59f1ee83d
2010-03-02 08:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-02 08:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-02 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-02 08:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-02 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-02 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-02 08:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-02 08:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-02 08:01 . 2010-03-02 08:01 -------- d-----w- c:\program files\MSXML 6.0
2010-03-02 03:14 . 2010-03-02 03:14 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\AVG9
2010-03-01 19:19 . 2010-03-01 19:18 77312 ----a-w- C:\mbr.exe
2010-02-28 08:03 . 2010-02-28 08:03 -------- d-----w- c:\windows\ServicePackFiles
2010-02-27 23:47 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-27 23:47 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-27 23:46 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-27 23:46 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-27 23:46 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-27 23:46 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-02-27 23:46 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-02-27 23:46 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-27 23:46 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-27 23:46 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-27 23:46 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-27 23:46 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-27 23:42 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-02-27 23:04 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-20 21:13 . 2010-02-20 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-20 13:36 . 2010-02-20 18:42 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Adobe
2010-02-20 13:36 . 2010-02-20 13:37 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 09:56 . 2006-06-19 04:25 194784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 06:16 . 2009-09-22 23:00 0 ----a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\prvlcl.dat
2010-03-01 06:16 . 2008-12-22 14:56 0 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-02-28 20:59 . 2007-12-04 14:19 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\uTorrent
2010-02-28 08:41 . 2006-12-08 09:07 42882 ----a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2010-02-20 21:13 . 2009-12-21 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-17 22:30 . 2007-12-03 15:40 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\dvdcss
2010-01-30 12:15 . 2009-06-04 19:28 97484 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-21 09:04 . 2006-11-01 23:54 -------- d-----w- c:\program files\Lexmark 1200 Series
2010-01-10 04:12 . 2010-01-10 04:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-10 04:12 . 2010-01-10 04:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-10 04:10 . 2010-01-10 04:10 -------- d-----w- c:\program files\AML Products
2010-01-10 03:35 . 2010-01-10 03:32 -------- d-----w- c:\program files\CinemaForge
2010-01-10 03:00 . 2010-01-10 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-10 03:00 . 2010-01-10 03:00 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\AVS4YOU
2010-01-10 02:59 . 2010-01-10 02:56 -------- d-----w- c:\program files\AVS4YOU
2010-01-10 02:59 . 2010-01-10 02:57 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-07 03:58 . 2010-01-01 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-05 10:00 . 2006-06-17 09:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2006-06-17 09:23 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 16:15 . 2009-12-22 16:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 16:15 . 2009-12-22 16:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 16:15 . 2009-12-22 16:15 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-22 16:15 . 2009-12-22 16:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 16:15 . 2009-12-22 16:15 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-16 12:58 . 2006-06-17 09:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2006-06-17 09:23 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2004-08-04 05:59 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2006-06-17 09:23 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[7] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-10 19:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 14:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"Google Update"="c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 169984]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 16010752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"HostManager"="c:\program files\Common Files\AOL\1155139980\ee\AOLSoftware.exe" [2008-06-24 41824]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-11 385024]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-19 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-8-9 2168360]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 15:39 282624 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 16:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155139980\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155139980\\EE\\aolsoftware.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155139980\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Lexmark 1200 Series\\lxczbmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26230:TCP"= 26230:TCP:BitComet 26230 TCP
"26230:UDP"= 26230:UDP:BitComet 26230 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/22/2009 11:15 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/22/2009 11:15 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/22/2009 11:15 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 11:53 AM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 10:39 AM 32256]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/22/2009 11:14 AM 285392]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/9/2007 10:59 PM 30152]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 5:04 PM 551680]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/22/2006 3:31 AM 16512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822415513-905766359-4020809710-1006Core.job
- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-05 15:08]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822415513-905766359-4020809710-1006UA.job
- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-05 15:08]

2010-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oN7sc-J3cYqSaYalOBoXhpFgf5M
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: connwsp.dll
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\dr0r1046.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll
FF - plugin: c:\windows\system32\npmirage.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{84d9914c-bef6-474b-adb3-392acf6fa808} - c:\windows\system32\vatqss.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM-Run-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
HKLM-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
HKLM-Run-Daemon Tools - c:\windows\system32\daemon.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wusimofi.dll
Notify-hgGyywWN - hgGyywWN.dll
AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
AddRemove-gtw_logo - c:\windows\system32\gtw_logo.scr
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 05:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\connwsp.dll

- - - - - - - > 'explorer.exe'(4324)
c:\windows\system32\WININET.dll
c:\progra~1\Verizon\SMARTB~1\SBHook.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\zHotkey.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\progra~1\MICROS~3\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\AOL\1155139980\EE\AOLDesktop.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-03-02 05:22:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-02 10:22
ComboFix2.txt 2008-05-24 14:27
ComboFix3.txt 2008-05-23 19:39

Pre-Run: 17,530,953,728 bytes free
Post-Run: 20,751,056,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 19F04F06FF6394E1DD1BA25AA318A7E1


#12 myrti

Posted 02 March 2010 - 08:23 AM

Hi,

it seems that ComboFix took care of the leftover files. How is the PC doing?

Please provide a new log from OTL.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 myrti

Posted 07 March 2010 - 08:45 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





