Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search links are hijacked/crash computer


  • This topic is locked This topic is locked
22 replies to this topic

#1 zanvill

zanvill

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 12 January 2010 - 12:04 AM

When I do a search on Google and click on a link I often get redirected to an advertising site, sometimes dirty sites as well. Here are some examples of where I've been taken:

smilerepairshop.com/result.php?Keywords=what+is+id_string1.68&r=aa0c3123c4aa4d650e996f41504aa937a0b13bdcd6a9c32078c7a00239bb7f24e7ab2c1a30baca8e29424ae130ce3d61&Submit=Go

wodex.com/search.php

mcplumber.com/result.php?Keywords=forums.techguy.org+%E2%80%BA+Operating+Systems+%E2%80%BA+Windows+XP&r=4db2fd252460ae415c8babbd46afbf051d55ed882696f3bc4743bbad09e48641be5b94fc391867347181504dff7a6f08&Submit=Go

swan.com/search.php

secured-personalloans.com

scan-mirco-pc-com.com/security1/?aid=01002&v=2&phpID=MTI2MzE2OTQ2Nw==

fasedos.com/result.php?Keywords=Kravings+Kosher+Dairy+Restaurant&r=60dd22bfc4692544aee5900feab4bbad713f1e8303cfb1694830b17f09f669cc2fc8f22f9fe557a6c0975e1058f225b5&Submit=Go

ultraberry.com/result.php?Keywords=what+is+id_string1.68&r=aa0c3123c4aa4d650e996f41504aa937a0b13bdcd6a9c32078c7a00239bb7f24e7ab2c1a30baca8e29424ae130ce3d61&Submit=Go

As you can see it often is a random website, somehow including the search keywords in the link..??

I ran several anti spyware programs. After Malwarebytes' deleted some registry stuff, there was a change in Firefox.. when clicking a google link I can see the browser attempting several redirects.. only to be forced back to a blank google search.

I believe that whatever this is it has caused the computer to crash several times (the blue screen). I think it caused some error with the RAM and I had to remove some RAM to get the computer to start up again but it still crashes sometimes, and sometimes just after clicking a google link.

What can I do to kill this thing??

please help!! asap!!

thanks so much


Edit: Link disabled, to preclude possible infection. ~tg

Edit: Good point!!!! thanks and I'm sorry I didn't realize to do that

here's my HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:38 AM, on 1/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shmais.com/?select=full
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\The Levins\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll/gn_menu2.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mychabad.org/admin/Publishing/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Data Deposit Box\Data Deposit Box\nts.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://onlysimchas.com/pix/g25830/238974.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/THELEV~1/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
O24 - Desktop Component 2: (no name) - http://www.shmais.com/images/largepics/left_941.jpg
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/THELEV~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - http://www.shmaisradio.com/images/shmaisindex_9.jpg

--
End of file - 12751 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 12 January 2010 - 08:10 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:44 PM

Posted 17 January 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 22 January 2010 - 01:02 AM

Hi, thanks for your reply! I though I had already signed up to follow this topic and had been watching my inbox. Just thought to check here anyway - and see you had already replied a few days ago!!

Same problem.. mainly hijacking of google links which leads to more than one site (one after another) while seemingly downloading stuff onto the computer (spybot keeps finding things. But now I won't run any anti spyware until you tell me to).
and VERY SLOW (sometimes)

Here are the files you requested

OTL logfile created on: 1/22/2010 12:38:09 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\The Levins\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.17 Gb Total Space | 1.17 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
Drive D: | 2.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4VN6P71
Current User Name: The Levins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/22 00:31:16 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Levins\My Documents\Downloads\OTL.exe
PRC - [2010/01/12 23:28:50 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010/01/12 23:28:50 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/12/29 20:41:43 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/29 20:41:22 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/17 10:18:35 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/17 10:18:35 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/08 23:45:27 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/08 23:45:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/03 16:52:32 | 01,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 00,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/28 19:34:20 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:14 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/11 15:10:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/12/11 15:10:18 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2007/12/11 15:10:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/31 17:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/17 01:15:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 18:34:54 | 00,276,248 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
PRC - [2007/05/17 20:49:14 | 00,479,232 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2007/04/17 16:03:50 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2006/11/03 18:00:54 | 01,585,152 | ---- | M] (Belkin Corporation) -- C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2006/02/28 14:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 05:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CALC.EXE
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/23 12:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2000/06/26 09:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/22 00:31:16 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Levins\My Documents\Downloads\OTL.exe
MOD - [2007/05/25 18:32:52 | 00,288,536 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/31 20:41:53 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/01/12 23:28:50 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/29 20:41:22 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/08 23:45:27 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/03 16:52:32 | 01,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/29 21:08:39 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/27 14:31:06 | 01,012,080 | ---- | M] (Sunbelt Software) [Disabled | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/09/28 19:34:20 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007/12/11 15:10:16 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/10/31 17:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 17:43:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/17 23:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/05/17 20:49:14 | 00,479,232 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/04/17 16:03:50 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/03/07 17:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/02/28 14:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/07/15 22:56:34 | 00,143,360 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Data Deposit Box\Data Deposit Box\nts.exe -- (Online Backup Service)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/23 12:15:40 | 00,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2000/06/26 09:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2010/01/03 14:07:45 | 00,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\regguard.sys -- (RegGuard)
DRV - [2009/12/29 20:42:46 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/29 20:42:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/29 20:42:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/13 09:22:50 | 00,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/09/28 19:34:46 | 00,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys -- (hamachi)
DRV - [2009/07/15 09:17:58 | 00,203,056 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbtis.sys -- (sbtis)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/11 12:40:58 | 00,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:40:58 | 00,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 17:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/05/17 20:57:34 | 02,164,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/17 16:00:28 | 00,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMImirr.sys -- (LMImirr)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/25 14:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 18:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/11/10 12:54:56 | 00,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/12/10 08:44:24 | 00,014,336 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2004/12/10 08:42:08 | 00,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2004/11/29 17:51:52 | 00,122,928 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPCA561.SYS -- (CA561)
DRV - [2004/10/25 15:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/23 17:49:30 | 00,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 01:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/13 17:03:46 | 00,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/10/23 03:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb.sys -- (Jukebox3)
DRV - [2003/09/23 09:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2003/03/05 14:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shmais.com/?select=full
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\S-1-5-21-189993650-3122715053-2090531658-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\S-1-5-21-189993650-3122715053-2090531658-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5
FF - prefs.js..extensions.enabledItems: ubiquity@labs.mozilla.com:0.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/29 20:41:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/29 20:42:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/01/12 23:30:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 11:09:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 11:09:09 | 00,000,000 | ---D | M]

[2009/11/20 01:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Extensions
[2010/01/21 20:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions
[2009/11/28 22:43:09 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/14 11:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\personas@christopher.beard
[2010/01/14 11:07:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\ubiquity@labs.mozilla.com
[2007/03/14 00:59:40 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\searchplugins\siteadvisor.xml
[2010/01/21 20:59:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/23 12:44:23 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/05/22 21:32:00 | 01,560,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/01/18 14:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/05/22 21:14:00 | 00,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/05/22 21:17:00 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/01/12 13:09:50 | 00,371,083 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 12817 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (&Google Notebook) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..\Toolbar\WebBrowser: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [cdloader] C:\Documents and Settings\The Levins\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [Google Update] C:\Documents and Settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [QuickenScheduledUpdates] File not found
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Note this (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll ()
O8 - Extra context menu item: Note this item (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..Trusted Domains: google.com ([video] https in Trusted sites)
O15 - HKU\S-1-5-21-189993650-3122715053-2090531658-1006\..Trusted Domains: 67 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.yorkphoto.com/YorkActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.mychabad.org/admin/Publishing/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop Components:0 () - http://onlysimchas.com/pix/g25830/238974.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/THELEV~1/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
O24 - Desktop Components:2 () - http://www.shmais.com/images/largepics/left_941.jpg
O24 - Desktop Components:3 () - file:///C:/DOCUME~1/THELEV~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:4 () - http://www.shmaisradio.com/images/shmaisindex_9.jpg
O24 - Desktop Components:5 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\The Levins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Levins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07659738-1ade-11dc-972a-0013202d28f7}\Shell\AutoRun\command - "" = readme.exepy.exe
O33 - MountPoints2\{8dd9f7c0-c4e2-11de-975d-002275765e27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8dd9f7c0-c4e2-11de-975d-002275765e27}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{8dd9f7c0-c4e2-11de-975d-002275765e27}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ac951905-db8a-11d9-962a-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -- [2005/02/23 16:21:50 | 00,327,680 | ---- | M] (CyberLink Corp.)
O33 - MountPoints2\{cb335bbe-2337-11dc-9735-0013202d28f7}\Shell - "" = AutoRun
O33 - MountPoints2\{cb335bbe-2337-11dc-9735-0013202d28f7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb335bbe-2337-11dc-9735-0013202d28f7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 19:20:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/21 08:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/17 16:13:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/01/17 16:13:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\My Documents\Cyberlink
[2010/01/13 16:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\My Documents\Downloads
[2010/01/13 00:31:11 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/01/13 00:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\My Documents\Program files
[2010/01/13 00:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/12 23:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/12 23:27:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Deployment
[2010/01/12 23:11:13 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/11 19:27:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/10 23:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/10 22:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/08 02:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\Application Data\Sunbelt
[2010/01/08 02:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/08 02:33:13 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/01/08 02:32:40 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/01/08 01:40:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\Application Data\Malwarebytes
[2010/01/08 01:39:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/08 01:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/08 01:39:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/08 01:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/08 01:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/01/08 01:09:36 | 00,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/01/03 14:07:45 | 00,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/01/03 14:06:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegRun2
[2010/01/03 14:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/01/03 14:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/12/30 19:47:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\AVG Security Toolbar
[2009/12/30 14:35:48 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/30 14:35:19 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/30 14:35:19 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/30 14:34:04 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/30 14:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/30 14:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/30 14:33:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\Application Data\PC Tools
[2009/12/30 14:33:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/29 20:43:11 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/29 20:42:46 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/29 20:42:46 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/29 20:42:20 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/29 20:42:20 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/29 20:42:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/29 20:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/29 20:41:14 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/29 20:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/29 20:38:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/27 14:15:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Levins\ErrorLogs
[2009/11/19 20:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/11/02 06:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2009/11/02 06:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/04/26 19:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2005/07/23 20:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/08/25 14:22:08 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 23:34:00 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 23:14:20 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\Klar Judaica Store.doc
[2010/01/21 22:38:01 | 00,063,601 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 027.JPG
[2010/01/21 22:36:46 | 00,070,546 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 031.JPG
[2010/01/21 22:36:40 | 00,065,158 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 030.JPG
[2010/01/21 22:36:29 | 00,063,091 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 029.JPG
[2010/01/21 11:39:55 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\SHABBOS MENU - Kleins.doc
[2010/01/21 10:23:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-189993650-3122715053-2090531658-1006Core.job
[2010/01/20 20:26:47 | 00,059,331 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_E-02_122545.JPG
[2010/01/20 20:25:42 | 00,070,995 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_1105_142801.JPG
[2010/01/19 14:21:23 | 14,417,920 | ---- | M] () -- C:\Documents and Settings\The Levins\NTUSER.DAT
[2010/01/19 08:26:22 | 48,043,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/19 08:23:14 | 00,142,471 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 08:19:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/19 08:17:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/19 08:16:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 08:16:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/19 08:16:46 | 53,494,1696 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/18 20:00:00 | 00,000,718 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - The Levins.job
[2010/01/14 11:02:38 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/14 09:34:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\The Levins\NTUSER.INI
[2010/01/14 09:18:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 22:30:35 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/13 15:37:54 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 00:38:15 | 00,235,832 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/12 23:14:52 | 00,000,731 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/12 23:12:43 | 00,000,922 | ---- | M] () -- C:\Documents and Settings\The Levins\My Documents\My Sharing Folders.lnk
[2010/01/12 22:48:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/12 22:48:34 | 00,000,189 | -HS- | M] () -- C:\BOOT.INI
[2010/01/12 13:09:50 | 00,371,083 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 14:07:45 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/01/03 14:07:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/03 14:07:06 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/01/03 14:07:06 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/12/29 20:42:46 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/29 20:42:46 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/29 20:42:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/29 20:42:20 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/29 20:42:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/29 20:42:08 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/29 20:42:07 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/27 14:16:40 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\The Levins\CommandDispatchers.xml
[2009/12/27 14:16:35 | 00,001,366 | ---- | M] () -- C:\Documents and Settings\The Levins\cleaner-config.xml
[2009/12/27 14:10:36 | 02,656,656 | -H-- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\IconCache.db
[2009/12/25 02:08:01 | 00,000,882 | ---- | M] () -- C:\WINDOWS\ORUN32.INI
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/21 23:14:20 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\Klar Judaica Store.doc
[2010/01/21 22:38:01 | 00,063,601 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 027.JPG
[2010/01/21 22:36:45 | 00,070,546 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 031.JPG
[2010/01/21 22:36:40 | 00,065,158 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 030.JPG
[2010/01/21 22:36:27 | 00,063,091 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 029.JPG
[2010/01/21 11:39:54 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\SHABBOS MENU - Kleins.doc
[2010/01/20 20:26:47 | 00,059,331 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\nf_E-02_122545.JPG
[2010/01/20 20:25:40 | 00,070,995 | ---- | C] () -- C:\Documents and Settings\The Levins\Desktop\nf_1105_142801.JPG
[2010/01/19 09:19:38 | 00,000,433 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ShLog.txt
[2010/01/14 11:02:38 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/14 11:02:38 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/12 23:29:50 | 00,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/03 15:27:16 | 00,011,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ShLog.txt
[2010/01/03 14:07:06 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/01/03 14:06:12 | 00,187,065 | ---- | C] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\ShLog.txt
[2010/01/03 14:05:02 | 00,057,556 | ---- | C] () -- C:\WINDOWS\guard.bmp
[2009/12/30 14:35:48 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/30 14:35:19 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/30 14:35:19 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/30 14:34:04 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/12/29 20:42:19 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/29 20:42:08 | 48,043,716 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/29 20:42:08 | 00,142,471 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/29 20:42:07 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/29 20:42:07 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/27 14:16:39 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\The Levins\CommandDispatchers.xml
[2009/12/27 14:16:35 | 00,001,366 | ---- | C] () -- C:\Documents and Settings\The Levins\cleaner-config.xml
[2009/12/27 14:11:29 | 53,494,1696 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/09 00:16:52 | 00,409,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/09/17 15:55:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2007/06/27 12:27:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 12:27:28 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/27 12:27:28 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/27 12:27:27 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/27 12:27:27 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/25 13:16:01 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/22 01:22:03 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/15 23:54:45 | 00,000,216 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/09/25 12:06:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/13 15:02:28 | 00,010,886 | ---- | C] () -- C:\Documents and Settings\The Levins\Application Data\.googlewebacchosts
[2006/05/05 13:42:11 | 00,213,504 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2006/05/05 13:27:33 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\synsopos.ini
[2006/03/23 12:44:02 | 00,000,086 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2005/12/31 19:31:16 | 00,000,424 | ---- | C] () -- C:\WINDOWS\DSSAR.ini
[2005/12/22 08:13:41 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/12/14 15:54:20 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/11/04 00:07:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/11/02 11:03:15 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/09/18 20:38:29 | 00,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/15 10:38:52 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D1B20B1615.sys
[2005/09/15 10:29:01 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/08/26 16:21:55 | 00,000,292 | ---- | C] () -- C:\WINDOWS\SCRAMBLE.INI
[2005/08/16 21:10:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/08/02 18:59:21 | 00,000,610 | ---- | C] () -- C:\WINDOWS\TYPE!.INI
[2005/07/14 17:08:49 | 00,001,243 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/12 16:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/07/04 16:24:17 | 00,007,631 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2005/06/24 09:38:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/22 15:10:28 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\The Levins\Application Data\PFP120JPR.{PB
[2005/06/22 15:10:28 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\The Levins\Application Data\PFP120JCM.{PB
[2005/06/21 19:26:09 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/19 22:04:55 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\fusioncache.dat
[2005/06/08 18:17:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 18:13:58 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 17:42:54 | 00,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/10 08:42:08 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/10 13:13:12 | 00,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/02 08:32:30 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004/03/23 18:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[1995/03/13 23:22:21 | 00,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
[2010/01/22 00:42:49 | 00,187,468 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\ShLog.txt
[2010/01/21 23:34:00 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 23:14:20 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\Klar Judaica Store.doc
[2010/01/21 22:38:01 | 00,063,601 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 027.JPG
[2010/01/21 22:36:46 | 00,070,546 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 031.JPG
[2010/01/21 22:36:40 | 00,065,158 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 030.JPG
[2010/01/21 22:36:29 | 00,063,091 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 029.JPG
[2010/01/21 22:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 20:49:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/01/21 11:39:55 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\SHABBOS MENU - Kleins.doc
[2010/01/21 10:23:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-189993650-3122715053-2090531658-1006Core.job
[2010/01/21 08:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/21 08:17:51 | 00,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2010/01/20 20:26:47 | 00,059,331 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_E-02_122545.JPG
[2010/01/20 20:25:42 | 00,070,995 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_1105_142801.JPG
[2010/01/19 14:21:23 | 14,417,920 | ---- | M] () -- C:\Documents and Settings\The Levins\NTUSER.DAT
[2010/01/19 10:36:44 | 00,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/01/19 09:19:38 | 00,000,433 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ShLog.txt
[2010/01/19 08:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Google
[2010/01/19 08:40:44 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/01/19 08:19:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/19 08:17:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/19 08:16:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 08:16:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/18 20:00:00 | 00,000,718 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - The Levins.job
[2010/01/14 11:02:38 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/14 09:34:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\The Levins\NTUSER.INI
[2010/01/14 09:18:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 15:37:54 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 01:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Microsoft
[2010/01/13 01:02:43 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/13 00:38:15 | 00,235,832 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/13 00:16:01 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/01/12 23:30:53 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/12 23:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Temp
[2010/01/12 23:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/12 23:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\Deployment
[2010/01/12 23:14:52 | 00,000,731 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/12 23:12:43 | 00,000,922 | ---- | M] () -- C:\Documents and Settings\The Levins\My Documents\My Sharing Folders.lnk
[2010/01/12 23:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/12 22:48:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/12 00:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/11 19:40:49 | 00,011,822 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ShLog.txt
[2010/01/10 23:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/01/10 22:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/08 02:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Sunbelt
[2010/01/08 02:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/08 02:32:40 | 00,000,000 | ---D | M] -- C:\Program Files\Sunbelt Software
[2010/01/08 01:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\Malwarebytes
[2010/01/08 01:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/08 01:39:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/08 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/01/08 01:09:40 | 00,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2010/01/03 14:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\RegRun2
[2010/01/03 14:07:06 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/01/03 14:04:55 | 00,000,000 | ---D | M] -- C:\Program Files\Greatis
[2009/12/30 19:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Local Settings\Application Data\AVG Security Toolbar
[2009/12/30 15:33:56 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\PC Tools
[2009/12/30 14:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/12/30 14:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\PC Tools
[2009/12/30 14:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/30 13:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/29 20:41:14 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/12/29 20:38:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/29 20:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/29 20:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/29 20:14:18 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/29 20:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/28 19:41:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~1
[2009/12/28 19:41:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\The Levins\Application Data\uniblue
[2009/12/28 19:41:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/12/28 19:41:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/12/28 19:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2009/12/27 14:16:40 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\The Levins\CommandDispatchers.xml
[2009/12/27 14:16:35 | 00,001,366 | ---- | M] () -- C:\Documents and Settings\The Levins\cleaner-config.xml
[2009/12/27 14:10:36 | 02,656,656 | -H-- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\IconCache.db
[2009/12/25 16:10:07 | 00,409,512 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/25 02:08:01 | 00,000,882 | ---- | M] () -- C:\WINDOWS\ORUN32.INI
[2009/11/19 20:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/11/02 06:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2009/11/02 06:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/11/01 21:25:39 | 00,235,832 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/28 01:26:27 | 00,001,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/21 12:12:26 | 00,010,886 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\.googlewebacchosts
[2007/04/26 19:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2006/06/29 14:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/18 20:38:34 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/07/23 20:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/06/22 15:10:28 | 00,061,678 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\PFP120JPR.{PB
[2005/06/22 15:10:28 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\PFP120JCM.{PB
[2005/06/19 22:04:55 | 00,000,133 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\fusioncache.dat
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\The Levins\Application Data\DESKTOP.INI
[2004/08/10 12:57:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 23:34:00 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 23:14:20 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\Klar Judaica Store.doc
[2010/01/21 22:38:01 | 00,063,601 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 027.JPG
[2010/01/21 22:36:46 | 00,070,546 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 031.JPG
[2010/01/21 22:36:40 | 00,065,158 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 030.JPG
[2010/01/21 22:36:29 | 00,063,091 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\mushkys lchaim 2 029.JPG
[2010/01/21 11:39:55 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\SHABBOS MENU - Kleins.doc
[2010/01/21 10:23:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-189993650-3122715053-2090531658-1006Core.job
[2010/01/20 20:26:47 | 00,059,331 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_E-02_122545.JPG
[2010/01/20 20:25:42 | 00,070,995 | ---- | M] () -- C:\Documents and Settings\The Levins\Desktop\nf_1105_142801.JPG
[2010/01/19 14:21:23 | 14,417,920 | ---- | M] () -- C:\Documents and Settings\The Levins\NTUSER.DAT
[2010/01/19 08:26:22 | 48,043,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/19 08:23:14 | 00,142,471 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 08:19:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/19 08:17:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/19 08:16:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 08:16:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/19 08:16:46 | 53,494,1696 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/18 20:00:00 | 00,000,718 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - The Levins.job
[2010/01/14 11:02:38 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/14 09:34:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\The Levins\NTUSER.INI
[2010/01/14 09:18:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 22:30:35 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/13 15:37:54 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 00:38:15 | 00,235,832 | ---- | M] () -- C:\Documents and Settings\The Levins\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/12 23:14:52 | 00,000,731 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/12 23:12:43 | 00,000,922 | ---- | M] () -- C:\Documents and Settings\The Levins\My Documents\My Sharing Folders.lnk
[2010/01/12 22:48:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/12 22:48:34 | 00,000,189 | -HS- | M] () -- C:\BOOT.INI
[2010/01/12 13:09:50 | 00,371,083 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 14:07:45 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/01/03 14:07:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/03 14:07:06 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/01/03 14:07:06 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/12/29 20:42:46 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/29 20:42:46 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/29 20:42:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/29 20:42:20 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/29 20:42:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/29 20:42:08 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/29 20:42:07 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/27 14:16:40 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\The Levins\CommandDispatchers.xml
[2009/12/27 14:16:35 | 00,001,366 | ---- | M] () -- C:\Documents and Settings\The Levins\cleaner-config.xml
[2009/12/27 14:10:36 | 02,656,656 | -H-- | M] () -- C:\Documents and Settings\The Levins\Local Settings\Application Data\IconCache.db
[2009/12/25 02:08:01 | 00,000,882 | ---- | M] () -- C:\WINDOWS\ORUN32.INI
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 1/22/2010 12:38:09 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\The Levins\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.17 Gb Total Space | 1.17 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
Drive D: | 2.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4VN6P71
Current User Name: The Levins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe" = C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Disabled:Super TextTwist -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\The Levins\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\The Levins\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18525F55-9B32-4D49-BF03-D53B17A49D97}" = DellConnect
"{19409A31-DF7B-4E6A-BF9D-057A7D24EF0E}" = LogMeIn
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244C63A8-035D-4D17-80B8-3E344DA306BD}" = VIPRE Antivirus + Antispyware
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4DDBC569-CBA6-42A8-826D-BEAC3855E2EC}" = Picaboo Baby Boy Scrapbook Theme
"{4EABF2A9-961A-446A-83B1-98D9E53CF365}" = ClickArt 400,000
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{613C45F7-DC42-472F-8A63-E26D676EB392}" = Picaboo 1.8.216
"{6259F28B-6C4A-4259-8A1D-F44794DF73E2}" = Garmin StreetPilot i2/i3 North America
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71907510-82AE-49EA-AA22-D9C703C5A987}" = Garmin City Navigator South Africa v6
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{8C525C3E-00C9-4A77-9F76-D22939DB53C0}" = Picaboo 2.5
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA345678-12B4-1C34-12D4-12345678FFEE}" = Google Toolbar for Firefox
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD6A909B-7FCB-43FD-95D9-D8801B8693C7}" = Data Deposit Box
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCCCCCD3-666F-4F81-8B69-745DE9F6D897}" = Google Notebook for Internet Explorer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{DD3912D6-F9FF-4042-A062-65354D6D9024}" = LogMeIn
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Carbonite Backup" = Carbonite
"Chabad Library" = Chabad Library
"Creative Jukebox Driver" = Creative Jukebox Driver
"Cubase SX" = Steinberg Cubase SX
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.0 Full
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = BitZip - Powered by Miro
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Pocket Tunes" = Pocket Tunes 4.0.2
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"TD AMERITRADE StrategyDesk 1.0" = TD AMERITRADE StrategyDesk 1.0
"Vestos" = Vestos
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/18/2010 2:33:37 PM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 1/18/2010 10:22:04 PM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 1/19/2010 9:17:46 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 1/19/2010 9:43:59 AM | Computer Name = D4VN6P71 | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 1/19/2010 9:44:43 AM | Computer Name = D4VN6P71 | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 1/19/2010 9:51:08 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/19/2010 9:51:57 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 1/19/2010 9:51:57 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 1/19/2010 11:37:56 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 1/21/2010 9:17:52 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe" = C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Disabled:Super TextTwist -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\The Levins\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\The Levins\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18525F55-9B32-4D49-BF03-D53B17A49D97}" = DellConnect
"{19409A31-DF7B-4E6A-BF9D-057A7D24EF0E}" = LogMeIn
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244C63A8-035D-4D17-80B8-3E344DA306BD}" = VIPRE Antivirus + Antispyware
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4DDBC569-CBA6-42A8-826D-BEAC3855E2EC}" = Picaboo Baby Boy Scrapbook Theme
"{4EABF2A9-961A-446A-83B1-98D9E53CF365}" = ClickArt 400,000
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{613C45F7-DC42-472F-8A63-E26D676EB392}" = Picaboo 1.8.216
"{6259F28B-6C4A-4259-8A1D-F44794DF73E2}" = Garmin StreetPilot i2/i3 North America
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71907510-82AE-49EA-AA22-D9C703C5A987}" = Garmin City Navigator South Africa v6
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{8C525C3E-00C9-4A77-9F76-D22939DB53C0}" = Picaboo 2.5
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA345678-12B4-1C34-12D4-12345678FFEE}" = Google Toolbar for Firefox
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD6A909B-7FCB-43FD-95D9-D8801B8693C7}" = Data Deposit Box
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCCCCCD3-666F-4F81-8B69-745DE9F6D897}" = Google Notebook for Internet Explorer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{DD3912D6-F9FF-4042-A062-65354D6D9024}" = LogMeIn
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Carbonite Backup" = Carbonite
"Chabad Library" = Chabad Library
"Creative Jukebox Driver" = Creative Jukebox Driver
"Cubase SX" = Steinberg Cubase SX
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.0 Full
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = BitZip - Powered by Miro
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Pocket Tunes" = Pocket Tunes 4.0.2
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"TD AMERITRADE StrategyDesk 1.0" = TD AMERITRADE StrategyDesk 1.0
"Vestos" = Vestos
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-189993650-3122715053-2090531658-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 1/16/2010 6:21:09 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:12:43 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/16/2010 7:20:25 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:27 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:20:30 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 7:21:56 PM | Computer Name = D4VN6P71 | Source = Google Update | ID = 20
Description =

Error - 1/17/2010 12:40:15 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:49:53 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 4:26:18 PM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.5.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 12:15:06 AM | Computer Name = D4VN6P71 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/18/2010 2:33:37 PM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 1/18/2010 10:22:04 PM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 1/19/2010 9:17:46 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 1/19/2010 9:43:59 AM | Computer Name = D4VN6P71 | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 1/19/2010 9:44:43 AM | Computer Name = D4VN6P71 | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 1/19/2010 9:51:08 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/19/2010 9:51:57 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 1/19/2010 9:51:57 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 1/19/2010 11:37:56 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 1/21/2010 9:17:52 AM | Computer Name = D4VN6P71 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >




#4 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 22 January 2010 - 01:17 AM

Whew!! WHAT is that HOSTS file?? looks nasty and freaky!! should I just delete it?

btw you can see I have so many antispyware programs. I don't usually have all of those, just now I tried them all because of our situation.

Thanks

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:44 PM

Posted 22 January 2010 - 12:45 PM

Hi,

don't delete the hosts-file. smile.gif For one it is a part of windows and second the entries you see listed are actually protecting you. Taking the first entry 007guard.com used to be a site serving malware. It is simply unreachable because of the entries in the hosts file. The entries you see there were added by Spybot's immunize function.

Please also provide a scan from gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 27 January 2010 - 06:51 PM

I ran Gmer twice, each time it progressed a bit further but eventually froze and froze the computer. Unfortunately I cannot start in safe mode for some reason - when I try I get the "blue screen" saying windows shut down the comp to protect it.. I can give you more details re that error screen if necessary.. what should I do now? keep trying in regular mode?? btw the comp seems to be getting slower and slower

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:44 PM

Posted 29 January 2010 - 11:47 AM

Hi,

please run the following two tools instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

And run a scan with RootRepeal as well:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 04 February 2010 - 12:24 AM

ever since I tried Gmer I cannot load my computer without it freezing after one or two commands. I managed to download mbr but now when I simply try to open firefox the computer will freeze completely...?

Edited by zanvill, 04 February 2010 - 12:25 AM.


#9 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 04 February 2010 - 02:59 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8A880841]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !


#10 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 04 February 2010 - 03:45 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/04 15:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA3E1F000 Size: 749568 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\THELEV~1\LOCALS~1\Temp\mbr.sys
Address: 0xBA448000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA10AD000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_558.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_a44.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_680.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_6f4.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_8bc.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_934.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\all users\application data\spybot - search & destroy\proccache.sbc
Status: Size mismatch (API: 64706, Raw: 64672)

Path: c:\documents and settings\the levins\local settings\temp\perflib_perfdata_1324.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\the levins\local settings\temp\etilqs_akctyehnw8cpyp1o0tkz
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\the levins\local settings\temp\etilqs_qf07jutdvrzsek3dkpee
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
Status: Allocation size mismatch (API: 266240, Raw: 253952)

Path: C:\Documents and Settings\The Levins\Local Settings\Apps\2.0\KW1K3ZO8.20P\1V1A0ETZ.MKO\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\The Levins\Local Settings\Apps\2.0\KW1K3ZO8.20P\1V1A0ETZ.MKO\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9ddce52

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9dbdcde

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9dbded0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9ddd640

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ddd8f4

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9ddbb44

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9dddd60

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ddd112

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9dbd984

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x895c0bc0]
Process: System Address: 0x8921eeab Size: 253

==EOF==

#11 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 04 February 2010 - 03:48 PM

what i did is i started in "debugging mode". I don't know what that is but at least it works the comp seems much faster and isn't freezing

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:44 PM

Posted 05 February 2010 - 12:15 PM

Hi,

the log from mbr suggest a rather nasty rootkit infection.


This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 06 February 2010 - 08:02 PM

WOW!!! I'm a bit freaked out now!! anyway to KNOW what they have already done?

TODAY, my wife's gmail account was sending emails to everyone, using her name, saying she is in london and please send money!! We tried to log in and her password was changed.. could it be because of this?

I would rather be completely clear, i.e. reformat, but will I be able to save my files first by taking them off onto a separate drive, or is it possible for some of those files to be infected? Should we first clean, remove files, then format?

Many files are backed up online but not all (incl pics vids music docs etc...)

#14 zanvill

zanvill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 08 February 2010 - 01:59 AM

I ran combofix, successfully it seems .. though as soon as I saved the text file my computer froze!!

I'm emailing from my laptop

ComboFix 10-02-07.06 - The Levins 02/08/2010 1:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.1022 [GMT -5:00]
Running from: c:\documents and settings\The Levins\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
c:\windows\Temp\53035070.dll

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-01-31 15:49 . 2010-01-31 15:49 77312 ----a-w- C:\mbr.exe
2010-01-31 00:13 . 2010-01-31 00:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
2010-01-27 04:26 . 2010-01-27 04:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ICS
2010-01-26 20:45 . 2010-01-26 20:45 -------- d-----w- c:\documents and settings\The Levins\Application Data\AVG9
2010-01-26 19:26 . 2010-01-26 19:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-17 21:13 . 2010-01-21 08:51 -------- d-----w- c:\windows\system32\NtmsData
2010-01-13 05:31 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-13 05:16 . 2010-01-13 05:16 -------- d-----w- c:\program files\Panda Security
2010-01-13 04:27 . 2010-01-13 04:28 -------- d-----w- c:\documents and settings\The Levins\Local Settings\Application Data\Deployment
2010-01-11 04:53 . 2010-01-11 04:53 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 06:24 . 2009-12-30 19:33 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-08 06:05 . 2006-12-28 20:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-08 05:32 . 2006-01-26 13:36 -------- d-----w- c:\program files\LogMeIn
2010-01-26 19:26 . 2007-03-15 21:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-19 13:40 . 2006-12-28 20:32 -------- d-----w- c:\program files\SpywareBlaster
2010-01-18 18:29 . 2010-01-18 18:32 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-18 18:29 . 2009-12-30 13:57 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-13 06:02 . 2005-06-08 23:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 04:30 . 2005-07-22 15:51 -------- d-----w- c:\program files\Google
2010-01-13 04:09 . 2007-11-06 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-12 05:10 . 2009-12-30 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-08 07:41 . 2010-01-08 07:41 -------- d-----w- c:\documents and settings\The Levins\Application Data\Sunbelt
2010-01-08 07:41 . 2010-01-08 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-08 07:32 . 2010-01-08 07:32 -------- d-----w- c:\program files\Sunbelt Software
2010-01-08 06:40 . 2010-01-08 06:40 -------- d-----w- c:\documents and settings\The Levins\Application Data\Malwarebytes
2010-01-08 06:40 . 2010-01-08 06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 06:39 . 2010-01-08 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-08 06:09 . 2010-01-08 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Carbonite
2010-01-08 06:09 . 2010-01-08 06:09 -------- d-----w- c:\program files\Carbonite
2010-01-07 21:07 . 2010-01-08 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-08 06:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2010-01-05 10:00 1434511 ----a-w- c:\windows\system32\apiorshea.dll
2010-01-05 10:00 . 2004-08-04 10:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 19:10 . 2010-01-03 19:06 -------- d-----w- c:\program files\RegRun2
2010-01-03 19:07 . 2010-01-03 19:07 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-01-03 19:07 . 2010-01-03 19:07 2 --shatr- c:\windows\winstart.bat
2010-01-03 19:04 . 2010-01-03 19:04 -------- d-----w- c:\program files\Greatis
2009-12-30 18:53 . 2009-12-30 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-30 01:42 . 2009-12-30 01:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-30 01:42 . 2009-12-30 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-30 01:42 . 2009-12-30 01:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-30 01:42 . 2009-12-30 01:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-30 01:41 . 2009-12-30 01:41 -------- d-----w- c:\program files\AVG
2009-12-30 01:18 . 2009-11-20 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 01:14 . 2007-06-27 18:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-30 01:12 . 2009-11-20 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-29 00:41 . 2009-12-09 04:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2009-12-29 00:41 . 2009-12-09 04:47 -------- d-----w- c:\documents and settings\The Levins\Application Data\uniblue
2009-12-29 00:41 . 2009-12-09 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-29 00:41 . 2009-12-09 04:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-12-29 00:38 . 2009-12-09 04:46 -------- d-----w- c:\program files\Uniblue
2009-12-26 23:52 . 2009-12-22 20:29 90112 ----a-w- c:\windows\DUMP7f22.tmp
2009-12-25 21:10 . 2009-12-09 05:16 409512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-22 18:23 . 2005-06-08 22:56 98304 ----a-w- c:\windows\DUMP8741.tmp
2009-12-21 00:45 . 2005-08-18 11:39 -------- d-----w- c:\program files\Picasa2
2009-12-18 05:11 . 2009-12-18 05:11 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-09 04:45 . 2009-12-09 04:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 04:44 . 2009-12-09 04:44 152576 ----a-w- c:\documents and settings\The Levins\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-09 04:42 . 2009-12-09 04:42 79488 ----a-w- c:\documents and settings\The Levins\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-30 04:31 . 2009-11-30 04:31 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-25 18:01 . 2010-01-12 05:10 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-21 16:36 . 2004-08-04 10:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:48 . 2009-12-02 22:15 872960 ----a-w- c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-02 22:15 43008 ----a-w- c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-02 22:15 340480 ----a-w- c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-02 22:15 346624 ----a-w- c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2007-05-23 02:14 . 2007-02-16 21:45 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 02:17 . 2007-02-16 21:45 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2005-09-17 00:56 . 2005-09-15 15:38 56 -csh--r- c:\windows\SYSTEM32\D1B20B1615.sys
2005-09-17 00:56 . 2005-09-15 15:29 3350 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2007-05-25 276248]
"cdloader"="c:\documents and settings\The Levins\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-17 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2007-05-25 694024]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-30 01:42 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Data Deposit Box.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Data Deposit Box.lnk
backup=c:\windows\pss\Data Deposit Box.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 18:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-04-17 21:03 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2009-10-27 19:33 959824 ----a-w- c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2007-06-13 23:51 193424 ----a-w- c:\documents and settings\The Levins\Application Data\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SBAMSvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\The Levins\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [1/13/2010 12:31 AM 28552]
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/30/2009 2:35 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2009 8:42 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2009 8:42 PM 360584]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [10/13/2009 9:22 AM 95024]
R1 sbtis;sbtis;c:\windows\SYSTEM32\DRIVERS\sbtis.sys [1/8/2010 2:33 AM 203056]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/29/2009 8:41 PM 285392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/7/2007 11:27 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [6/7/2007 11:27 AM 47640]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2010 11:29 PM 135664]
S3 RegGuard;RegGuard;c:\windows\SYSTEM32\DRIVERS\regguard.sys [1/3/2010 2:07 PM 24416]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [10/27/2009 2:31 PM 1012080]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 04:28]

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189993650-3122715053-2090531658-1006Core.job
- c:\documents and settings\The Levins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-17 15:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shmais.com/?select=full
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--160150756.dll/gn_menu2.html
Trusted Zone: google.com\video
FF - ProfilePath - c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\The Levins\Application Data\Mozilla\Firefox\Profiles\3nf9bkhi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\The Levins\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\1.1.454.29157\npCIDetect4.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-QuickenScheduledUpdates - \bagent.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 01:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89AAF930]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba16cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9e487b4
\Driver\iaStor -> iaStor.sys @ 0xb9e62f80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x896b9330
PacketIndicateHandler -> NDIS.sys @ 0xb9cd4a0b
SendHandler -> NDIS.sys @ 0xb9ce8b31
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\The Levins\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-08 01:50:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 06:50

Pre-Run: 2,279,264,256 bytes free
Post-Run: 5,831,479,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="XP Home OLD" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 65E3F6187CB230E302C87631C83961E1


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:44 PM

Posted 08 February 2010 - 12:44 PM

Hi,

there is on way of knowing what they already did and what not. If you wish to backup data you should be safe when folloiwing the following guidelines:
You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to to copying it back to your hard drive.
I'm not sure I understand what you said regarding the ComboFix log: Did you post it from the laptop because the other PC is no longer booting?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users