Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware and random reboots


  • This topic is locked This topic is locked
30 replies to this topic

#1 neonfire999

neonfire999

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 12 January 2010 - 12:48 AM

I have been getting these random reboots and some malware. my avg anti-virus always says that the e-mail scanner is inactive and won't run a scan and when i try to run spybot, it gives me an error and makes it so i can't remove it either.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ben at 23:58:12.35 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.66 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileBackup.exe
C:\Documents and Settings\Ben\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1308.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1308.0\msneshellx.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0cca191d-13a6-4e29-b746-314dee697d83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5d6f45b3-9043-443d-a792-115447494d24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232071744381
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ben\applic~1\mozilla\firefox\profiles\w3x0jrhr.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - component: c:\documents and settings\ben\application data\mozilla\firefox\profiles\w3x0jrhr.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\ben\application data\mozilla\firefox\profiles\w3x0jrhr.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-8-18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-8-18 5248]
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-1-28 125544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-15 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-15 108552]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-20 54752]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-1-31 28672]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S1 e77b25f3;e77b25f3;c:\windows\system32\drivers\e77b25f3.sys [2009-1-25 0]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\g:\portableapps\virtualcdportable\vcdrom.sys --> g:\portableapps\virtualcdportable\VCdRom.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 22528]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-6-17 25480]
S3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [2009-6-15 48768]
S3 ndfs;ndfs;\??\c:\program files\netdrive\ndfs.sys --> c:\program files\netdrive\ndfs.sys [?]

=============== Created Last 30 ================

2010-01-12 04:17:32 522177 ----a-w- C:\iTunes Library 2008-10-09.itl
2010-01-12 02:58:59 2580512 ----a-w- C:\iTunes Library 2008-10-09.xml
2010-01-09 03:15:48 0 d-----w- c:\program files\Roni Music
2010-01-04 03:27:44 0 d-----w- c:\program files\Power Tab Software
2010-01-03 13:57:20 0 d-sh--w- C:\found.000
2009-12-29 04:46:02 0 d-----w- c:\program files\Project64 1.6
2009-12-29 02:15:56 0 d-----w- c:\program files\Softick
2009-12-28 23:53:41 0 d-----w- c:\documents and settings\ben\Bluetooth Software
2009-12-28 23:48:45 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2009-12-28 23:48:44 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2009-12-28 23:48:44 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2009-12-28 23:48:43 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-12-28 23:48:42 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2009-12-28 23:48:40 991400 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-12-28 23:48:36 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2009-12-28 23:47:55 0 d-----w- c:\program files\WIDCOMM
2009-12-28 22:17:14 0 d-----w- c:\program files\IVT Corporation
2009-12-28 22:17:00 32 ----a-w- c:\windows\0
2009-12-28 22:17:00 0 ----a-w- c:\windows\system32\0
2009-12-28 22:16:46 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-28 22:16:44 0 d-----w- c:\program files\Nokia
2009-12-28 22:16:38 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-28 22:16:25 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-28 21:28:02 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2009-12-20 19:51:21 19 ----a-w- c:\windows\popcinfo.dat
2009-12-20 19:02:06 737280 ----a-w- c:\windows\iun6002.exe
2009-12-20 19:01:09 0 d-----w- c:\program files\Insaniquarium Deluxe

==================== Find3M ====================

2010-01-06 23:17:48 73744 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-05 04:37:30 48684 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-28 17:32:58 63 ----a-w- c:\documents and settings\ben\jagex_runescape_preferences2.dat
2009-11-28 17:32:12 38 ----a-w- c:\documents and settings\ben\jagex_runescape_preferences.dat
2009-11-21 12:49:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-17 09:17:58 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 0:00:53.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 17 January 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 neonfire999

neonfire999
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 17 January 2010 - 03:41 PM

ok well my computer has randomly rebooted a couple times, and also spybot doesn't start up and i cant uninstall it because it can't delete the spybot exe file. also, avg won't do any scans and it always says that the e-mail scanner is not active.

here are the logs.
OLG.txt

OTL logfile created on: 1/17/2010 3:15:13 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Ben\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 285.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.18 Gb Free Space | 9.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 99.07 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOCK-1D43AA426F
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 15:14:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
PRC - [2010/01/06 07:46:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 18:14:00 | 00,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/12/17 18:12:10 | 01,044,808 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/12/12 09:06:57 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/24 14:43:00 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/29 21:06:18 | 00,634,488 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe
PRC - [2009/09/01 07:29:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 07:29:51 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 07:29:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/27 17:09:10 | 01,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/16 09:17:26 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/19 00:00:00 | 00,016,680 | ---- | M] (Sage Software) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2008/07/07 15:12:42 | 00,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/07 15:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 10:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 15:14:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
MOD - [2008/07/07 15:11:06 | 00,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 19:57:15 | 00,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/12/23 13:15:41 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 18:12:10 | 01,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/12/17 18:08:54 | 00,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/24 14:43:00 | 00,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/29 21:06:18 | 00,634,488 | ---- | M] (eBoostr.com) [Auto | Running] -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/01 07:29:46 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/01 07:29:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/27 17:09:10 | 01,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 14:53:46 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/16 09:17:26 | 00,573,440 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/19 00:00:00 | 00,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (simply accounting database connection manager)
SRV - [2008/09/08 07:59:00 | 00,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/07 11:10:02 | 03,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/07 15:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/08/16 07:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 07:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 07:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 04:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 04:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/06 17:55:24 | 00,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 18:07:33 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/14 07:24:44 | 00,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/24 13:38:42 | 00,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/09/24 05:40:12 | 00,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/09/01 07:29:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/01 07:29:55 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 14:01:42 | 00,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/03 18:53:50 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/02 08:53:59 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e77b25f3.sys -- (e77b25f3)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/28 06:34:02 | 00,125,544 | ---- | M] (eBoostr.com) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost)
DRV - [2009/01/16 09:17:26 | 03,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 04:37:04 | 00,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/23 20:59:08 | 00,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/05/29 22:46:12 | 00,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/16 05:08:16 | 00,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Dave\Local Settings\temp\hSONYPVh.sys -- (hSONYPVh)
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/10 05:18:42 | 00,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 04:57:44 | 00,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/04 16:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (palmusbd)
DRV - [2007/09/19 22:59:14 | 00,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (rimusb)
DRV - [2007/03/20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/03/06 17:54:40 | 00,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 17:52:46 | 02,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 17:50:30 | 01,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 17:48:46 | 01,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 17:48:46 | 00,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2005/08/11 13:49:28 | 00,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/03/28 10:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 20:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/02/22 21:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/14 13:55:44 | 00,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2003/08/14 13:46:48 | 00,125,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2001/08/17 13:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 13:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 11:19:58 | 00,048,768 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maestro.sys -- (maestro) ESS Maestro Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 13 7F FD F6 95 CA 01 [binary data]
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\URLSearchHook: *{ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\S-1-5-21-1935655697-1682526488-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 65 40 60 5C E1 C9 01 [binary data]
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.4
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: twittytunes@extras.foxytunes.com:0.5.4.1
FF - prefs.js..extensions.enabledItems: {10c62ce3-3794-4c18-a881-481733c1a425}:1.6
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.1
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/11/30 20:59:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 20:34:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 07:46:19 | 00,000,000 | ---D | M]

[2009/04/22 21:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions
[2009/04/22 21:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/03/23 19:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/01/16 17:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions
[2009/07/16 23:27:05 | 00,000,000 | ---D | M] (UrlbarExt) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{10c62ce3-3794-4c18-a881-481733c1a425}
[2010/01/13 23:47:06 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/08/16 22:29:29 | 00,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/07/16 22:26:05 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/08/17 23:32:49 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/01/11 18:29:55 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 23:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\foxyproxy@eric.h.jung
[2010/01/15 18:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\personas@christopher.beard
[2009/12/04 17:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\twitternotifier@naan.net
[2009/07/16 22:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\twittytunes@extras.foxytunes.com
[2009/09/02 22:17:59 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\searchplugins\mywebsearch.xml
[2010/01/17 09:22:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2009/03/03 09:51:42 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2009/09/19 16:45:19 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Abi\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Deanna\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Deanna\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Laura\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..Trusted Domains: google.ca ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..Trusted Domains: microsoft.com ([go] http in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1003\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()
O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232071744381 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/15 17:43:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{283f3ae0-ad56-11de-a20d-000d60248ad3}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\Explore\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\Open\command - "" = G:\system.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/17 15:14:11 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
[2010/01/16 12:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\MAGIX_Screenshare
[2010/01/16 12:45:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\MAGIX_MusicMaker16Premium_Download_Version
[2010/01/16 12:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/01/16 12:42:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010/01/15 19:57:16 | 00,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/01/15 18:09:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\DVDFab
[2010/01/15 18:07:33 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2010/01/15 18:07:33 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ben\Application Data\pcouffin.sys
[2010/01/15 18:07:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\Vso
[2010/01/15 18:07:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\PcSetup
[2010/01/15 18:06:35 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 5
[2010/01/12 17:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\Roni Music
[2010/01/08 22:15:48 | 00,000,000 | ---D | C] -- C:\Program Files\Roni Music
[2010/01/03 22:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\Power Tab Software
[2010/01/03 08:57:20 | 00,000,000 | -HSD | C] -- C:\found.000
[2010/01/01 19:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Local Settings\Application Data\LucasArts
[2010/01/01 19:32:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\dvdcss
[2009/12/28 23:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2009/12/28 21:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Local Settings\Application Data\ICS
[2009/12/28 21:15:56 | 00,000,000 | ---D | C] -- C:\Program Files\Softick
[2009/12/28 18:53:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Bluetooth Software
[2009/12/28 18:48:45 | 00,047,272 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys
[2009/12/28 18:48:44 | 00,156,392 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwdndis.sys
[2009/12/28 18:48:44 | 00,057,384 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys
[2009/12/28 18:48:43 | 00,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2009/12/28 18:48:42 | 00,037,160 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btport.sys
[2009/12/28 18:48:40 | 00,991,400 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys
[2009/12/28 18:48:36 | 00,534,568 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys
[2009/12/28 18:47:55 | 00,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2009/12/28 17:23:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\Bluetooth
[2009/12/28 17:17:14 | 00,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2009/12/28 17:16:46 | 00,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2009/12/28 17:16:44 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2009/12/28 17:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/12/28 17:16:38 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2009/12/28 17:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2009/12/28 17:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/28 16:32:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\Bluetooth Exchange Folder
[2009/12/28 16:28:02 | 00,089,896 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys
[2009/12/23 13:16:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Local Settings\Application Data\Temp
[2009/12/20 14:02:06 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/12/20 14:01:09 | 00,000,000 | ---D | C] -- C:\Program Files\Insaniquarium Deluxe
[2009/11/28 12:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2009/11/26 00:24:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/19 23:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/18 07:41:02 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/08/18 07:41:02 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009/08/11 21:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/11 21:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/11 14:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/05/24 20:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/19 15:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/16 12:11:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/04 13:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/15 21:00:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/17 15:24:03 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC260F21-52D8-4B8B-AFC4-C59D0DCF381F}.job
[2010/01/17 15:21:02 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/17 15:18:10 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3EDB5FB-8A64-432F-A6BC-C7E7E902B0FB}.job
[2010/01/17 15:14:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
[2010/01/17 15:08:15 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 15:07:55 | 00,047,604 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/01/17 13:21:00 | 00,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/17 12:00:18 | 11,796,480 | -H-- | M] () -- C:\Documents and Settings\Ben\NTUSER.DAT
[2010/01/17 12:00:18 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE iTunes Library.job
[2010/01/17 12:00:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Ben\ntuser.ini
[2010/01/17 10:54:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/17 08:59:57 | 00,141,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/17 08:59:56 | 47,963,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/17 08:57:43 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010/01/17 08:57:04 | 00,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/01/17 08:56:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 08:56:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 01:20:25 | 00,533,749 | ---- | M] () -- C:\iTunes Library 2008-10-09.itl
[2010/01/17 01:20:25 | 00,000,008 | -H-- | M] () -- C:\sentinel
[2010/01/17 01:19:21 | 02,618,791 | ---- | M] () -- C:\iTunes Library 2008-10-09.xml
[2010/01/16 23:59:11 | 00,110,592 | ---- | M] () -- C:\iTunes Library 2008-10-09 Extras.itdb
[2010/01/16 15:39:33 | 05,369,856 | ---- | M] () -- C:\iTunes Library 2008-10-09 Genius.itdb
[2010/01/16 12:46:06 | 00,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Music Maker 16 Premium Download Version.lnk
[2010/01/16 12:31:08 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\OpenOffice.org.lnk
[2010/01/15 23:47:58 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/15 19:57:08 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/01/15 19:57:08 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
[2010/01/15 18:58:26 | 00,019,702 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\Air India 182 essay.odt
[2010/01/15 18:07:33 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\inst.exe
[2010/01/15 18:07:33 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2010/01/15 18:07:33 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Ben\Application Data\pcouffin.sys
[2010/01/15 18:07:33 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.cat
[2010/01/15 18:07:33 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.inf
[2010/01/14 00:46:27 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 00:38:02 | 00,017,239 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\air india.odt
[2010/01/13 13:44:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/13 00:56:58 | 00,010,165 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\jazz it up.gp5
[2010/01/11 23:27:43 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\winscp.rnd
[2010/01/11 09:19:39 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/01/10 11:40:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/08 17:57:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 07:36:25 | 00,000,854 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/06 18:17:48 | 00,073,744 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/01/06 07:20:33 | 00,018,407 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\what i believe.odt
[2010/01/05 13:15:06 | 00,028,550 | ---- | M] () -- C:\logfile
[2010/01/05 00:10:02 | 00,021,495 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\history 60s questions.odt
[2010/01/04 23:37:30 | 00,048,684 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/04 07:22:05 | 00,073,744 | ---- | M] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/04 07:17:38 | 00,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/01 18:37:55 | 00,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO® Star Wars™ - The Complete Saga.lnk
[2009/12/29 19:06:37 | 00,060,137 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\4980_1141839836589_1545241254_345677_3719486_n.jpg
[2009/12/29 07:32:50 | 01,578,046 | -H-- | M] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\IconCache.db
[2009/12/28 18:48:07 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/12/28 17:36:29 | 00,000,032 | ---- | M] () -- C:\WINDOWS\0
[2009/12/28 17:17:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\0
[2009/12/26 22:18:15 | 00,125,019 | ---- | M] () -- C:\Documents and Settings\Ben\My Documents\IMG_0037.PNG
[2009/12/26 20:56:10 | 00,000,579 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/26 20:56:10 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/12/26 20:56:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/20 14:51:21 | 00,000,019 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/12/20 14:00:54 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 01:20:25 | 00,533,749 | ---- | C] () -- C:\iTunes Library 2008-10-09.itl
[2010/01/17 01:11:59 | 02,618,791 | ---- | C] () -- C:\iTunes Library 2008-10-09.xml
[2010/01/16 12:46:06 | 00,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Music Maker 16 Premium Download Version.lnk
[2010/01/16 12:31:08 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\OpenOffice.org.lnk
[2010/01/15 19:57:08 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/01/15 18:07:55 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.log
[2010/01/15 18:07:33 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\inst.exe
[2010/01/15 18:07:33 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.cat
[2010/01/15 18:07:33 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.inf
[2010/01/14 00:35:49 | 00,019,702 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\Air India 182 essay.odt
[2010/01/12 17:36:47 | 00,010,165 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\jazz it up.gp5
[2010/01/12 00:09:20 | 00,017,239 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\air india.odt
[2010/01/05 00:10:01 | 00,021,495 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\history 60s questions.odt
[2010/01/01 18:37:55 | 00,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO® Star Wars™ - The Complete Saga.lnk
[2010/01/01 16:21:42 | 00,018,407 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\what i believe.odt
[2009/12/29 19:06:19 | 00,060,137 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\4980_1141839836589_1545241254_345677_3719486_n.jpg
[2009/12/28 18:48:06 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/12/28 17:17:00 | 00,000,032 | ---- | C] () -- C:\WINDOWS\0
[2009/12/28 17:17:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\0
[2009/12/26 22:19:53 | 00,125,019 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\IMG_0037.PNG
[2009/12/23 13:16:20 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/23 13:16:19 | 00,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/20 14:51:21 | 00,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/11/14 20:21:49 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/09/30 19:36:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\PUTTY.RND
[2009/09/30 17:31:56 | 00,151,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/27 21:11:49 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/24 13:38:42 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/08/31 23:02:27 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/06/27 10:10:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\itunesoption.bin
[2009/06/27 10:02:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\smartpathdb.ini
[2009/06/14 11:10:26 | 00,000,665 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/06/07 16:50:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/31 10:45:56 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/04/04 19:00:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/04/04 18:54:31 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/04/04 18:50:06 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/04 18:49:28 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/03/22 08:29:19 | 00,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2009/03/22 08:29:19 | 00,040,352 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2009/03/17 20:56:19 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\26480-11745-11453-00TD1-98922
[2009/02/14 14:44:11 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\winscp.rnd
[2009/02/10 18:35:18 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/07 11:34:55 | 00,113,152 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/06 19:26:32 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/03 17:58:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/02/01 15:05:46 | 00,000,854 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/01 14:47:52 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/01/25 22:05:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/25 16:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\e77b25f3.sys
[2009/01/24 17:42:22 | 00,001,317 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009/01/18 09:53:29 | 00,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2009/01/17 22:22:02 | 00,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/17 19:33:23 | 00,000,080 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\FASTWiz.log
[2008/07/07 15:11:32 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/06 17:50:30 | 01,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/06/01 04:46:30 | 11,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2005/06/01 04:46:30 | 00,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2005/06/01 04:46:30 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/08/06 15:23:08 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75B0EC75
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50E7393E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21192FCF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E22637F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
< End of report >

Extras.txt

OTL Extras logfile created on: 1/17/2010 3:15:13 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Ben\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 285.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.18 Gb Free Space | 9.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 99.07 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOCK-1D43AA426F
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1682526488-1644491937-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\iPhone Tunnel Suite 2.7 BETA\iTunnel\iTunnel.exe" = C:\Program Files\iPhone Tunnel Suite 2.7 BETA\iTunnel\iTunnel.exe:*:Enabled:iTunnel -- ()
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Simply Accounting Pro 2009\SimplyAccounting.exe" = C:\Program Files\Simply Accounting Pro 2009\SimplyAccounting.exe:*:Enabled:Simply Accounting Pro 2009 -- (Sage Software, Inc.)
"C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe" = C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager -- (Sage Software)
"C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe" = C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt -- ()
"C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqladmin.exe" = C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqladmin.exe:*:Enabled:mysqladmin -- ()
"C:\Program Files\Simply Accounting Pro 2009\conversion\simconv150\SimplyAccounting_conv150.exe" = C:\Program Files\Simply Accounting Pro 2009\conversion\simconv150\SimplyAccounting_conv150.exe:*:Enabled:SimplyAccounting_conv150 -- (Sage Software, Inc.)
"C:\Program Files\Simply Accounting Pro 2009\conversion\simconv160\SimplyAccounting_conv160.exe" = C:\Program Files\Simply Accounting Pro 2009\conversion\simconv160\SimplyAccounting_conv160.exe:*:Enabled:SimplyAccounting_conv160 -- (Sage Software, Inc.)
"C:\Program Files\Simply Accounting Pro 2009\conversion\upgradejet\SimplyAccounting_upgradejet.exe" = C:\Program Files\Simply Accounting Pro 2009\conversion\upgradejet\SimplyAccounting_upgradejet.exe:*:Enabled:SimplyAccounting_upgradejet -- ()
"C:\Program Files\Simply Accounting Pro 2009\LogSubmitter\SimplyErrorLogSubmitter.exe" = C:\Program Files\Simply Accounting Pro 2009\LogSubmitter\SimplyErrorLogSubmitter.exe:*:Enabled:SimplyErrorLogSubmitter -- (Sage Software)
"C:\Program Files\Simply Accounting Pro 2009\dbverifier\SimplyAccounting_DBVerifier.exe" = C:\Program Files\Simply Accounting Pro 2009\dbverifier\SimplyAccounting_DBVerifier.exe:*:Enabled:Company File Check & Repair -- (Sage Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0c17affe-f4eb-4a9d-8921-55e1715e4962}" = Soundcrank
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{142e0726-73b2-4cd5-95be-8b018801886c}" = Simply Accounting by Sage 2009
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{37c11957-8228-4119-888d-3ea6b742bd9c}" = Simply Accounting by Sage 2009
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3b4e636e-9d65-4d67-ba61-189800823f52}" = Windows Live Communications Platform
"{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}" = ArcSoft PhotoStudio 5.5
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338b07-a236-4270-9a77-ebb4115517b5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66E0EB37-6024-4872-897A-8E83AF1C87CA}" = ArcSoft VideoImpression 2
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72df62bd-ff36-424e-aa5f-d89baff2c249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77dcdce3-2ded-62f3-8154-05e745472d07}" = Acrobat.com
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82A51429-57E5-4F83-B030-539EDE2464DB}" = MSN Toolbar
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8a74e887-8f0f-4017-af53-cba42211aaa5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000ff1ce}" = Microsoft Software Update for Web Folders (English) 12
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92c7d009-a464-4948-a980-7a3e28cb2f49}" = Richard Burns Rally
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9736585B-7804-4E42-865A-A458C4CEC6C7}_is1" = iPhone Tunnel Suite 2.7 BETA
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{995f1e2e-f542-4310-8e1d-9926f5a279b3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{b1ad83a0-dc92-41e3-b111-e9472349768c}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B1EDEBF1-B4DA-46A5-B346-D1B580548EAA}" = iPhone Folders
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{b9242864-2841-4ade-86e0-8f90f91b04dd}" = Logitech Gaming Software
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{ba1e1afd-d1f2-4c52-88c3-186fc5e61604}" = RollerCoaster Tycoon 2: Time Twister
"{bd64af4a-8c80-4152-ad77-fcddf05208ab}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{c54856bc-3549-4ade-ad4b-bc48c336df5a}" = Simply Accounting by Sage 2009
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{cb2f7edd-9d1f-43c1-90fc-4f52eae172a1}" = Microsoft .NET Framework 1.1
"{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ECA7BF56-0698-4619-8B9C-7F00D538F02E}" = Predator
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{f6bd194c-4190-4d73-b1b1-c48c99921bfe}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{f929096b-54a0-4c5c-b125-1e7eb1917412}" = MySQL Connector/ODBC 3.51
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{ff66e9f6-83e7-3a3e-af14-8de9a809a6a4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"avs4you video converter 6_is1" = AVS Video Converter 6
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.mauby.4875e02d9fb21ee389f73b8d1702b320485df8ce.1" = Acrobat.com
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"eBoostr 1" = eBoostr 3
"ERUNT_is1" = ERUNT 1.1j
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Google Chrome" = Google Chrome
"google updater" = Google Updater
"Graboid Video" = Graboid Video 1.65
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"Hotel Dash: Suite Success" = Hotel Dash: Suite Success (remove only)
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insaniquarium_Deluxe_1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"ips XP_is1" = ips XP 1.11.2600
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"LimeWire" = LimeWire 5.4.6
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MAGIX Music Maker 16 Premium Download Version UK" = MAGIX Music Maker 16 Premium Download Version
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"microsoft .net framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"nero8lite_is1" = Nero 8 Lite 8.1.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"QcDrv" = Labtec® Camera Driver
"RealArcade" = RealArcade
"RollerCoaster Tycoon Setup" = Roll
"swiftkit" = SwiftKit
"SyncBackSE_is1" = SyncBackSE
"The Sims 2 University - Crack" = The Sims 2 University - Crack
"TS2 Enhancer v.2.0_is1" = TS2 Enhancer v.2.0
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"windows media format runtime" = Windows Media Format 11 runtime
"windows media player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.8
"wmfdist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b7c0bad11b91039e" = Album Downloader
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2009 8:20:59 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 12/21/2009 8:21:00 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 12/21/2009 8:21:02 AM | Computer Name = BOCK-1D43AA426F | Source = NativeWrapper | ID = 5000
Description =

Error - 12/22/2009 1:06:53 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 12/22/2009 1:06:55 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 12/22/2009 1:06:57 AM | Computer Name = BOCK-1D43AA426F | Source = NativeWrapper | ID = 5000
Description =

Error - 12/23/2009 12:40:00 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 12/23/2009 12:40:01 AM | Computer Name = BOCK-1D43AA426F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 12/23/2009 12:40:03 AM | Computer Name = BOCK-1D43AA426F | Source = NativeWrapper | ID = 5000
Description =

Error - 12/23/2009 2:31:29 PM | Computer Name = BOCK-1D43AA426F | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 5.1.3533.1731, faulting
module msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

[ System Events ]
Error - 1/14/2010 8:08:04 PM | Computer Name = BOCK-1D43AA426F | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 1/15/2010 2:30:22 AM | Computer Name = BOCK-1D43AA426F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 1/15/2010 7:32:19 PM | Computer Name = BOCK-1D43AA426F | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 1/15/2010 8:57:19 PM | Computer Name = BOCK-1D43AA426F | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
error: %%1083

Error - 1/16/2010 12:53:18 AM | Computer Name = BOCK-1D43AA426F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 1/16/2010 1:49:33 PM | Computer Name = BOCK-1D43AA426F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Firebird Server - MAGIX
Instance service to connect.

Error - 1/16/2010 1:49:33 PM | Computer Name = BOCK-1D43AA426F | Source = Service Control Manager | ID = 7000
Description = The Firebird Server - MAGIX Instance service failed to start due to
the following error: %%1053

Error - 1/16/2010 4:38:08 PM | Computer Name = BOCK-1D43AA426F | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 1/16/2010 5:07:38 PM | Computer Name = BOCK-1D43AA426F | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 1/17/2010 2:22:32 AM | Computer Name = BOCK-1D43AA426F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

[ TuneUp Events ]
Error - 11/25/2009 7:18:21 AM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/25/2009 7:18:21 AM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/27/2009 5:45:42 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/27/2009 5:46:22 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/27/2009 5:47:02 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/27/2009 6:05:38 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/27/2009 10:08:01 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/28/2009 9:21:56 AM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/28/2009 10:19:54 AM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11/28/2009 12:01:46 PM | Computer Name = BOCK-1D43AA426F | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 17 January 2010 - 03:53 PM

Hi,

please also ran a scan with gmer:

.Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

And a scan with win32kdiag:

Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 neonfire999

neonfire999
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 20 January 2010 - 11:02 PM

QUOTE(myrti @ Jan 17 2010, 03:53 PM) View Post
Hi,

please also ran a scan with gmer:

.Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

And a scan with win32kdiag:

Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
regards myrti


ok i downloaded gmer and tried to run it disconnected from the internet and with no anti-virus but it came up with the error message with asking to send or not send an error report. i tried the same thing in safe mode and it did the same thing. then i ran Win32kDiag.exe and here is the log.

Running from: C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!



#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 21 January 2010 - 07:01 AM

Hi,

please run rootrepeal and mbr instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 neonfire999

neonfire999
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 26 January 2010 - 10:00 PM

QUOTE(myrti @ Jan 21 2010, 07:01 AM) View Post
Hi,

please run rootrepeal and mbr instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards myrti


Ok so i downloaded and ran mbr.exe and here is the log,

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83693008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x83693008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

Then i couldnt download rootrepeal using your link so i googled it and found this site (http://rootrepeal.googlepages.com/) where i downloaded rootrepeal from this link (http://ad13.geekstogo.com/RootRepeal.rar) and then ran it and here is the log,

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/26 21:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF75FE000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA4D5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C43000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\Ben\LOCALS~1\Temp\mbr.sys
Address: 0xF7A29000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6582000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Ben\Local Settings\Apps\2.0\0YKJPV6J.RG5\ZHKC2WXY.4Y1\manifests\AlbumDownloader.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Ben\Local Settings\Apps\2.0\0YKJPV6J.RG5\ZHKC2WXY.4Y1\manifests\AlbumDownloader.exe.manifest
Status: Locked to the Windows API!

Processes
-------------------
Path: C:\WINDOWS\system32\ZSHP2600.EXE
PID: 7020 Status: Hidden from the Windows API!

Path: C:\WINDOWS\system32\ZSHP2600.EXE
PID: 9144 Status: Hidden from the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xf76a7818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xf76a77d0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xf769ba20

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xf769c2a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xf76a7910

#: 119 Function Name: NtOpenKey
Status: Hooked by "d347bus.sys" at address 0xf76a7794

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xf769c2c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xf76a7866

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xf76a70b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x83b70da8 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x82929360 Size: 11

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x83693008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x83588008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x835fc008 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_CREATE]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_CLOSE]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_READ]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_WRITE]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_QUERY_EA]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SET_EA]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SHUTDOWN]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_CLEANUP]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SET_SECURITY]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_POWER]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_SET_QUOTA]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: mcdbus, IRP_MJ_PNP]
Process: System Address: 0x836a5e78 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x836b6f28 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x82ba2d08 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x839c3ec0 Size: 11

Object: Hidden Code [Driver: Npfsࠅ浍瑓ࠁఄ瑁䅭橐'쀧Ԁ65, IRP_MJ_READ]
Process: System Address: 0x839d8968 Size: 11

Object: Hidden Code [Driver: Hel, IRP_MJ_READ]
Process: System Address: 0x8366e2e0 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x83633598 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఊ祓譐nn᪘, IRP_MJ_READ]
Process: System Address: 0x83a2fe78 Size: 11

==EOF==

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 27 January 2010 - 07:23 PM

Hi,

thanks for letting me know about the download link. I'll include the link from geekstogo next time.

We need to repeat the scan with mbr:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards pelase run a new scan with mbr:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 neonfire999

neonfire999
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 31 January 2010 - 01:00 PM

QUOTE(myrti @ Jan 27 2010, 07:23 PM) View Post
Hi,

thanks for letting me know about the download link. I'll include the link from geekstogo next time.

We need to repeat the scan with mbr:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards pelase run a new scan with mbr:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti


OK here is the mbr.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 05 February 2010 - 09:27 AM

Hi,

your rootkit logs
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\drivers\e77b25f3.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 20 February 2010 - 08:30 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 27 February 2010 - 04:02 AM

Hi,

topic reopened. Please post your logs.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 06 March 2010 - 04:12 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 13 March 2010 - 01:16 PM

Hi,

topic reopened for the final time. Please post fresh OTL logs

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 neonfire999

neonfire999
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 14 March 2010 - 02:22 PM

QUOTE(myrti @ Mar 13 2010, 01:16 PM) View Post
Hi,

topic reopened for the final time. Please post fresh OTL logs

regards myrti


thanks.
ok, so first i did what you asked of me before you closed this and here is the status from Jotti:
Status:
File is empty (0 bytes)!

Then i dleted my old OTL logs and ran a new one but only got OTL.txt which is right here:

OTL logfile created on: 3/14/2010 3:06:30 PM - Run 3
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Ben\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 29.29 Gb Free Space | 39.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 101.18 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOCK-1D43AA426F
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 23:38:58 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 23:31:40 | 02,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/01/22 20:16:30 | 00,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/17 16:14:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
PRC - [2009/12/17 19:14:00 | 00,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/12/17 19:12:10 | 01,044,808 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/12/12 10:06:57 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/11 05:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/01 08:29:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 08:29:51 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 08:29:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/23 01:00:00 | 00,091,432 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2009/08/23 01:00:00 | 00,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/24 16:13:20 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/16 10:17:26 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/07 16:12:42 | 00,600,680 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/07 16:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 08:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 11:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 16:14:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
MOD - [2008/07/07 16:11:06 | 00,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 20:16:30 | 00,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/15 20:57:15 | 00,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/12/23 14:15:41 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 19:12:10 | 01,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/12/17 19:08:54 | 00,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/08 01:00:00 | 00,042,280 | ---- | M] (Sage) [On_Demand | Stopped] -- C:\Program Files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe -- (Simply Accounting Transaction Manager 2010 - CDN)
SRV - [2009/10/11 05:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/01 08:29:46 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/01 08:29:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/23 01:00:00 | 00,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (simply accounting database connection manager)
SRV - [2009/08/05 23:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 15:53:46 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/16 10:17:26 | 00,573,440 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/08 08:59:00 | 00,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/07/07 16:12:40 | 00,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/06 18:55:24 | 00,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 19:07:33 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/14 08:24:44 | 00,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/24 14:38:42 | 00,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/09/24 06:40:12 | 00,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/09/01 08:29:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/01 08:29:55 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 23:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 15:01:42 | 00,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/03 19:53:50 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/02 09:53:59 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e77b25f3.sys -- (e77b25f3)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/16 10:17:26 | 03,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/20 15:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/26 11:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 05:37:04 | 00,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/23 21:59:08 | 00,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/05/29 23:46:12 | 00,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/16 06:08:16 | 00,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Dave\Local Settings\temp\hSONYPVh.sys -- (hSONYPVh)
DRV - [2008/04/14 08:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/10 06:18:42 | 00,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 05:57:44 | 00,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (palmusbd)
DRV - [2007/09/19 23:59:14 | 00,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (rimusb)
DRV - [2007/03/20 12:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/03/06 18:54:40 | 00,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 18:52:46 | 02,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 18:50:30 | 01,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 18:48:46 | 01,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 18:48:46 | 00,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2005/08/11 14:49:28 | 00,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/03/28 11:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 21:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/02/22 22:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/14 14:55:44 | 00,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2003/08/14 14:46:48 | 00,125,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2001/08/17 14:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:19:58 | 00,048,768 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\maestro.sys -- (maestro) ESS Maestro Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 65 40 60 5C E1 C9 01 [binary data]
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.5.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {10c62ce3-3794-4c18-a881-481733c1a425}:1.6.1
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.3.2
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=EMKWO50024&sbs=1&sc=&f=web&vernum=3.2&uid=&did={53246c89-5874-40d0-a03f-75e04eaa1dfd}&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 11:33:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/12 11:33:57 | 00,000,000 | ---D | M]

[2009/04/22 22:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions
[2009/04/22 22:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/03/23 20:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/03/14 14:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions
[2010/03/12 23:43:00 | 00,000,000 | ---D | M] (UrlbarExt) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{10c62ce3-3794-4c18-a881-481733c1a425}
[2010/03/12 23:43:01 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/01/26 22:52:29 | 00,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/12 23:42:11 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/03/12 23:43:00 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/01/11 19:29:55 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/12 23:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\foxyproxy@eric.h.jung
[2010/03/12 00:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\personas@christopher.beard
[2010/03/12 23:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\twitternotifier@naan.net
[2009/07/16 23:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\twittytunes@extras.foxytunes.com
[2010/03/12 23:42:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/03/12 23:42:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/03/12 23:42:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/03/12 23:42:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/01/30 00:16:31 | 00,002,069 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\searchplugins\kiwee-toolbar.xml
[2009/09/02 23:17:59 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\searchplugins\mywebsearch.xml
[2010/03/14 14:41:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/26 23:31:33 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/03/30 17:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll

O1 HOSTS File: ([2009/09/19 17:45:19 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Abi\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Deanna\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Deanna\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Laura\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1935655697-1682526488-1644491937-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()
O16 - DPF: {5d6f45b3-9043-443d-a792-115447494d24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232071744381 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/15 18:43:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{283f3ae0-ad56-11de-a20d-000d60248ad3}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\Explore\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{ffc3d748-ebc4-11dd-8618-000d60248ad3}\Shell\Open\command - "" = G:\system.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 19:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/03/12 12:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\School
[2010/03/12 11:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\HotSync
[2010/03/12 11:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Application Data\MSNInstaller
[2010/03/12 11:05:10 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ben\Desktop\OTL.exe
[2010/03/12 11:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Desktop\diagnostics
[2010/03/07 18:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\My Documents\ROMs
[2010/03/01 21:24:33 | 00,000,000 | ---D | C] -- C:\peanut
[2010/03/01 19:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Simply Accounting
[2010/03/01 19:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Simply Accounting Pro 2010
[2010/03/01 18:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Simply Accounting by Sage Setup Files CDN
[2010/02/27 02:49:38 | 00,000,000 | ---D | C] -- C:\Nexon
[2010/02/27 02:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/02/26 23:32:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben\Local Settings\Application Data\PMB Files
[2010/02/26 23:31:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/26 23:31:24 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/02/19 19:47:50 | 03,604,480 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/01/23 14:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/15 19:07:33 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ben\Application Data\pcouffin.sys
[2009/11/28 13:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2009/11/26 01:24:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/20 00:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/18 08:41:02 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/08/18 08:41:02 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009/08/11 22:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/11 15:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/05/24 21:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/19 16:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/16 13:11:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/04 14:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/15 22:00:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/14 15:17:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC260F21-52D8-4B8B-AFC4-C59D0DCF381F}.job
[2010/03/14 15:13:00 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3EDB5FB-8A64-432F-A6BC-C7E7E902B0FB}.job
[2010/03/14 15:02:50 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010/03/14 14:51:00 | 12,320,768 | -H-- | M] () -- C:\Documents and Settings\Ben\NTUSER.DAT
[2010/03/14 14:29:06 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 14:28:40 | 00,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/14 14:27:01 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/14 12:00:19 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE iTunes Library.job
[2010/03/14 12:00:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Ben\ntuser.ini
[2010/03/14 11:31:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/14 09:30:00 | 57,108,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/14 08:23:48 | 00,462,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 08:23:47 | 00,078,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 08:23:45 | 00,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 08:20:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 08:20:45 | 00,047,604 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/14 08:20:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 19:16:52 | 17,636,06856 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\MSSetupv83.exe
[2010/03/13 18:19:53 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/13 18:03:44 | 00,113,664 | ---- | M] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 18:03:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/13 00:06:43 | 00,000,008 | -H-- | M] () -- C:\sentinel
[2010/03/13 00:06:42 | 00,710,405 | ---- | M] () -- C:\iTunes Library 2008-10-09.itl
[2010/03/13 00:06:29 | 00,135,168 | ---- | M] () -- C:\iTunes Library 2008-10-09 Extras.itdb
[2010/03/12 23:57:40 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
[2010/03/12 22:42:44 | 03,052,466 | ---- | M] () -- C:\iTunes Library 2008-10-09.xml
[2010/03/12 19:32:19 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Ben\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/12 11:16:43 | 00,000,094 | ---- | M] () -- C:\WINDOWS\family.ini
[2010/03/10 23:47:46 | 05,988,352 | ---- | M] () -- C:\iTunes Library 2008-10-09 Genius.itdb
[2010/03/03 14:44:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/01 21:32:22 | 00,000,019 | ---- | M] () -- C:\WINDOWS\wp.ini
[2010/03/01 21:32:18 | 00,002,303 | ---- | M] () -- C:\WINDOWS\wp2.ini
[2010/03/01 20:11:43 | 00,000,854 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/01 17:55:57 | 04,276,784 | -H-- | M] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\IconCache.db
[2010/02/28 22:53:27 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/25 01:20:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 22:34:48 | 00,000,589 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/19 19:47:50 | 03,604,480 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/02/18 21:34:02 | 00,050,845 | ---- | M] () -- C:\abi pic.jpg
[2010/02/18 21:33:51 | 00,050,845 | ---- | M] () -- C:\abi pic
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 00:09:38 | 17,636,06856 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\MSSetupv83.exe
[2010/03/13 00:06:42 | 00,710,405 | ---- | C] () -- C:\iTunes Library 2008-10-09.itl
[2010/03/12 23:57:40 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2010/03/12 22:42:42 | 03,052,466 | ---- | C] () -- C:\iTunes Library 2008-10-09.xml
[2010/03/12 19:32:19 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Ben\Desktop\DVDVideoSoft Free Studio.lnk
[2010/03/12 11:16:43 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2010/03/01 21:29:02 | 00,002,303 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2010/03/01 21:29:02 | 00,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2010/02/19 19:18:16 | 00,649,084 | ---- | C] () -- C:\Documents and Settings\Ben\My Documents\BenandJay 008.jpg
[2010/02/18 21:34:01 | 00,050,845 | ---- | C] () -- C:\abi pic.jpg
[2010/02/18 21:33:51 | 00,050,845 | ---- | C] () -- C:\abi pic
[2010/01/15 19:07:55 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.log
[2010/01/15 19:07:33 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\inst.exe
[2010/01/15 19:07:33 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.cat
[2010/01/15 19:07:33 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\pcouffin.inf
[2009/09/30 20:36:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\PUTTY.RND
[2009/09/30 18:31:56 | 00,151,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/27 22:11:49 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
[2009/09/24 14:38:42 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/06/27 11:10:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\itunesoption.bin
[2009/06/27 11:02:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\smartpathdb.ini
[2009/06/14 12:10:26 | 00,000,665 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/06/07 17:50:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/04 20:00:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/04/04 19:54:31 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/04/04 19:50:06 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/04 19:49:28 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/03/22 09:29:19 | 00,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2009/03/22 09:29:19 | 00,040,352 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2009/03/17 21:56:19 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\26480-11745-11453-00TD1-98922
[2009/02/14 15:44:11 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Ben\Application Data\winscp.rnd
[2009/02/10 19:35:18 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/07 12:34:55 | 00,113,664 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/06 20:26:32 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/03 18:58:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/02/01 16:05:46 | 00,000,854 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/01 15:47:52 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/01/25 23:05:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/25 17:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\e77b25f3.sys
[2009/01/24 18:42:22 | 00,001,317 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009/01/18 10:53:29 | 00,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2009/01/17 23:22:02 | 00,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/17 20:33:23 | 00,000,080 | ---- | C] () -- C:\Documents and Settings\Ben\Local Settings\Application Data\FASTWiz.log
[2008/07/07 16:11:32 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/06 18:50:30 | 01,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/06/01 05:46:30 | 11,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2005/06/01 05:46:30 | 00,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2005/06/01 05:46:30 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/08/06 16:23:08 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/05/15 15:39:00 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72739815
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75B0EC75
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50E7393E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21192FCF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E22637F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
< End of report >





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users