
Google redirect cant find any malware


This topic is locked
10 replies to this topic

#1 ksport

  • Members
  • 5 posts

Posted 01 March 2010 - 08:52 PM

I was infected with the antivirus2010 malware from a website. After about a week of running anti-malware and Spybot, antivirus etc... I can finally open the desktop without popups, but I still have redirecting when clicking on Google links.

I attached the GMER scan without scanning files, as i have tried to do so every day for 5 days and it will freeze the computer each and every time.

Please help, I posted on the malware forum with no help for a month now; hopefully someone here can save me.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Nick at 15:15:25.95 on Wed 02/10/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.779 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cyclope Server\CyclopeServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\protexis\license service\psiservice_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Sage Software\Peachtree\peachw.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\malscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick\Desktop\cwcb0ws5.exe
C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SystemRestore] c:\windows\system32\rundll32.exe c:\windows\sysrestore\SystemRestore.dll rdl
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Dit] Dit.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digidoc.lnk - c:\progra~1\founder\mobile~1\DigiDoc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: grimyglendale.com\www
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: nxcore.net\bar1
Trusted Zone: nxcore.net\bar2
Trusted Zone: streamer.com
Trusted Zone: streamer.com\ameritrade01
Trusted Zone: streamer.com\ameritrade02
Trusted Zone: streamer.com\ameritrade03
Trusted Zone: streamer.com\ameritrade04
Trusted Zone: tdameritrade.com\apis
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176756738906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E3CF5F1B-C29E-4D21-B695-E1B0E1CB6EC9} - hxxp://192.168.1.64/codebase/NewHCNetActiveX.cab
TCP: {4128E57F-CEB2-4BD4-AFC1-0FB1A20A4493} = 204.130.255.3,209.63.0.6
Handler: ActLink - {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - c:\progra~1\act\actfor~2\plugins\actlink.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\iksu3nxf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {4B7860A0-8F35-4AAF-A227-89B4D0F352F1} - c:\documents and settings\nick\local settings\application data\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-4 64288]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2006-11-30 16640]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-29 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-29 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
R2 CyclopeServer;CyclopeServer;c:\program files\cyclope server\CyclopeServer.exe [2007-2-21 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-13 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-13 47640]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2007-3-30 8192]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-25 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-4 38224]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-9-28 272128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-02-10 14:56 15,944 a------- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-10 14:56 <DIR> --d----- c:\program files\Hitman Pro 3.5
2010-02-10 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-02-09 15:04 <DIR> --d----- c:\docume~1\nick\applic~1\Office Genuine Advantage
2010-02-09 12:42 89 a------- c:\windows\wininit.ini
2010-02-05 10:54 15,880 a------- c:\windows\system32\lsdelete.exe
2010-02-04 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-04 17:44 <DIR> --d----- c:\docume~1\nick\applic~1\Malwarebytes
2010-02-04 17:33 0 a------- c:\documents and settings\nick\settings.dat
2010-02-04 17:33 0 a------- c:\windows\system32\15131.exe
2010-02-04 17:13 0 a------- c:\windows\Pvizaneya.bin
2010-02-04 17:13 120 a------- c:\windows\Bguyakiheva.dat
2010-02-04 16:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-04 16:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-02-04 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 15:59 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2010-02-04 15:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-24 15:56 <DIR> --d----- c:\program files\thinkTDA
2010-01-12 23:12 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 16:03 <DIR> --d----- c:\docume~1\nick\applic~1\Paltalk

==================== Find3M ====================

2010-02-10 14:12 848 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-02-10 09:32 256 a------- c:\documents and settings\nick\pool.bin
2010-01-05 03:00 832,512 a------- c:\windows\system32\wininet.dll
2010-01-05 03:00 78,336 a------- c:\windows\system32\ieencode.dll
2010-01-05 03:00 17,408 a------- c:\windows\system32\corpol.dll
2009-12-31 09:50 353,792 a------- c:\windows\system32\drivers\srv.sys
2009-12-17 17:14 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-16 11:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 00:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-08 12:26 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:43 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-11-27 10:11 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 10:11 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 09:07 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 09:07 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 09:07 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 09:07 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 09:07 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-21 08:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-13 17:27 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-11-13 17:27 87,352 a------- c:\windows\system32\LMIinit.dll
2009-11-13 17:27 28,984 a------- c:\windows\system32\LMIport.dll
2009-11-13 17:27 25,248 a------- c:\windows\system32\LMImirr.dll
2009-11-13 17:27 11,552 a------- c:\windows\system32\LMImirr2.dll
2009-09-28 12:29 70,984 a------- c:\documents and settings\nick\g2mdlhlpx.exe
2008-07-03 15:07 88 ---shr-- c:\docume~1\alluse~1\applic~1\791F852D7E.sys
2007-07-20 16:29 60,968 a------- c:\documents and settings\nick\GoToAssistDownloadHelper.exe
2007-04-03 10:47 28,656 a------- c:\docume~1\nick\applic~1\GDIPFONTCACHEV1.DAT
2007-02-28 11:59 630,784 a------- c:\documents and settings\nick\GoToAssist_chat2way__317_en.exe
2006-11-30 18:35 630,784 a------- c:\documents and settings\nick\chatlnk.exe

Attached File: ark.txt (3.82KB)
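The DDS output above is what a malware-response helper reads by hand. As an added example that is not part of this thread and not DDS's own code, the Python script below applies two of the first checks such a helper makes to a log of this shape: Internet Explorer Trusted Zone hosts that the owner did not add (rogue antivirus programs of that era commonly put their own purchase sites in the Trusted Zone so IE would load them with relaxed security), and entries in "Created Last 30" that are zero-byte executables under the Windows directory or .bin/.dat files written straight into c:\windows. The allowlist is an assumption standing in for what the owner recognises; the sample log lines are copied from the post above and embedded so the script runs offline.

```python
"""Triage two sections of a DDS log (added example; not DDS's or the thread's code)."""
import re
from typing import List

# Assumption: hosts the machine's owner legitimately added to IE's Trusted Zone.
TRUSTED_ALLOWLIST = {"ameritrade.com", "tdameritrade.com", "streamer.com", "nxcore.net"}

# Constructed sample: lines copied from the DDS output posted above.
SAMPLE_DDS = """\
Trusted Zone: ameritrade.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: grimyglendale.com\\www
Trusted Zone: is-software-download.com
Trusted Zone: streamer.com\\ameritrade01
Trusted Zone: buy-internetsecurity10.com

=============== Created Last 30 ================

2010-02-10 14:56 15,944 a------- c:\\windows\\system32\\drivers\\hitmanpro35.sys
2010-02-10 14:56 <DIR> --d----- c:\\program files\\Hitman Pro 3.5
2010-02-04 17:33 0 a------- c:\\windows\\system32\\15131.exe
2010-02-04 17:13 0 a------- c:\\windows\\Pvizaneya.bin
2010-02-04 17:13 120 a------- c:\\windows\\Bguyakiheva.dat
2010-02-04 16:11 38,224 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
"""

TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)", re.M)
# date time  size-or-<DIR>  attribute-flags  path (the path may contain spaces)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S+)\s+(.+)$", re.M)
# A .bin or .dat file sitting directly in c:\windows rather than in a subfolder.
ROOT_DATA_RE = re.compile(r"c:\\windows\\[^\\]+\.(bin|dat)$")


def untrusted_zone_hosts(log: str, allowlist=TRUSTED_ALLOWLIST) -> List[str]:
    """Trusted Zone hosts not on the allowlist, de-duplicated, in log order.

    DDS writes sub-entries as "domain\\sub"; the zone is keyed on the domain.
    """
    found: List[str] = []
    for m in TRUSTED_RE.finditer(log):
        host = m.group(1).split("\\")[0].lower()
        if host not in allowlist and host not in found:
            found.append(host)
    return found


def suspicious_created_files(log: str) -> List[dict]:
    """Entries from 'Created Last 30' that merit a second look.

    Heuristics used here (this example's, not DDS's): a zero-byte .exe/.dll/.sys
    under the Windows directory, which no legitimate installer leaves behind,
    and a .bin/.dat file written straight into c:\\windows, which installers
    almost never do.
    """
    flagged: List[dict] = []
    for when, size, _attrs, path in CREATED_RE.findall(log):
        if size == "<DIR>":
            continue
        nbytes = int(size.replace(",", ""))
        low = path.lower()
        reason = None
        if nbytes == 0 and low.endswith((".exe", ".dll", ".sys")) and low.startswith("c:\\windows\\"):
            reason = "zero-byte executable"
        elif ROOT_DATA_RE.fullmatch(low):
            reason = "data file dropped directly in c:\\windows"
        if reason:
            flagged.append({"when": when, "path": path, "size": nbytes, "reason": reason})
    return flagged


def triage(log: str) -> dict:
    """Run both checks and return the report a helper would act on."""
    return {"untrusted_zone_hosts": untrusted_zone_hosts(log),
            "suspicious_files": suspicious_created_files(log)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_DDS), indent=2))
```

Run it against a full DDS log by reading the file into `triage()`; anything it flags still needs a human to decide whether it is malicious, which is why the thread moves on to OTL rather than deleting on the strength of a list like this.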



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 March 2010 - 07:05 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I
would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

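The /md5start ... /md5stop block in the scan above makes OTL hash each named file wherever it finds a copy, so the helper can compare the digests with known-good values for that Windows build and spot a patched boot-start driver that on-access scanners miss (one well-known cause of the search-redirect symptom in this thread at the time). As an added example that is not OTL's code and not part of the thread, the Python script below does the same over a directory tree: it locates every copy of the listed names, hashes them, compares against an optional baseline (its contents are an assumption; real values come from a clean install of the same service pack), and, with or without a baseline, reports any name whose on-disk copies disagree with each other. The demo tree it builds in a temporary directory is constructed data, not a real host.

```python
"""Hash the files named in the OTL /md5start block (added example; not OTL's code)."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional

# The file names from the OTL custom scan in the post above.
MD5_TARGETS = [
    "proquota.exe", "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys",
    "atapi.sys", "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys",
    "nvatabus.sys", "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys",
    "ViPrt.sys",
]


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    """MD5 hex digest, read in chunks so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_targets(root: str, names: Iterable[str]) -> Dict[str, List[str]]:
    """Every path under root whose file name is a target (case-insensitive, like NTFS).

    Several copies are expected: Windows keeps spares in dllcache and ServicePackFiles.
    """
    wanted = {n.lower(): n for n in names}
    hits: Dict[str, List[str]] = {n: [] for n in wanted.values()}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                hits[wanted[f.lower()]].append(os.path.join(dirpath, f))
    return hits


def md5_report(root: str, names: Iterable[str] = MD5_TARGETS,
               baseline: Optional[Dict[str, str]] = None) -> List[dict]:
    """One record per copy found: name, path, size, md5, verdict.

    verdict is OK/MISMATCH against the baseline hash for that name, UNKNOWN when
    the baseline has none, and MISSING (one record, no path) when no copy exists,
    which is normal for drivers of hardware this machine does not have.
    """
    expected = {k.lower(): v.lower() for k, v in (baseline or {}).items()}
    report: List[dict] = []
    for name, paths in find_targets(root, names).items():
        if not paths:
            report.append({"name": name, "path": None, "size": None, "md5": None, "verdict": "MISSING"})
        for p in paths:
            digest = md5_of_file(p)
            want = expected.get(name.lower())
            verdict = "UNKNOWN" if want is None else ("OK" if digest == want else "MISMATCH")
            report.append({"name": name, "path": p, "size": os.path.getsize(p), "md5": digest, "verdict": verdict})
    return report


def copies_disagree(report: List[dict]) -> Dict[str, set]:
    """Names whose on-disk copies do not all share one MD5.

    Needs no baseline: a boot-start driver whose live copy differs from the
    cached spare is the classic sign of a file-patching rootkit.
    """
    digests: Dict[str, set] = {}
    for rec in report:
        if rec["md5"] is not None:
            digests.setdefault(rec["name"], set()).add(rec["md5"])
    return {n: d for n, d in digests.items() if len(d) > 1}


def demo() -> dict:
    """Run the check on a constructed mini Windows tree in a temp dir (sample data)."""
    with tempfile.TemporaryDirectory() as base:
        drivers = os.path.join(base, "system32", "drivers")
        cache = os.path.join(base, "system32", "dllcache")
        os.makedirs(drivers, exist_ok=True)
        os.makedirs(cache, exist_ok=True)
        clean = b"constructed clean atapi.sys image"
        with open(os.path.join(cache, "atapi.sys"), "wb") as f:
            f.write(clean)
        with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
            f.write(clean + b"\x90\x90 patched tail")  # live copy tampered
        with open(os.path.join(base, "system32", "scecli.dll"), "wb") as f:
            f.write(b"constructed scecli.dll")
        # Baseline as a helper would hold it: the known-good hash of atapi.sys only.
        baseline = {"atapi.sys": hashlib.md5(clean).hexdigest()}
        report = md5_report(base, baseline=baseline)
    return {
        "verdicts": sorted((r["name"], r["verdict"]) for r in report if r["verdict"] != "MISSING"),
        "missing": sorted(r["name"] for r in report if r["verdict"] == "MISSING"),
        "disagree": sorted(copies_disagree(report)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real machine, point `md5_report()` at the Windows directory (for example `C:\WINDOWS`) and run it from an account that can read system32\drivers; a driver that shows MISMATCH against a trusted baseline, or that appears in `copies_disagree()`, is the file to submit for analysis before any removal is attempted.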


#3 ksport
  • Topic Starter

  • Members
  • 5 posts

Posted 10 March 2010 - 07:23 PM

OTL Extras logfile created on: 3/10/2010 5:07:24 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 235.66 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive Y: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

Computer Name: AUTOLINE-DFA816
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine
"7879:TCP" = 7879:TCP:*:Enabled:cylope
"7879:UDP" = 7879:UDP:*:Enabled:cyclope
"1433:TCP" = 1433:TCP:*:Enabled:SQL TCP
"1434:UDP" = 1434:UDP:*:Enabled:sql udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FedEx\ShipManager\BIN\BridgeServer.exe" = C:\Program Files\FedEx\ShipManager\BIN\BridgeServer.exe:*:Enabled:BridgeServer Module -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\FedEx\ShipManager\BIN\poc.exe" = C:\Program Files\FedEx\ShipManager\BIN\poc.exe:*:Enabled:POC -- File not found
"C:\Program Files\FedEx\ShipManager\ASA\WIN32\dbeng9.exe" = C:\Program Files\FedEx\ShipManager\ASA\WIN32\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine -- File not found
"C:\Program Files\StompSoft\PC BackUp\UpdatePCBackUp.exe" = C:\Program Files\StompSoft\PC BackUp\UpdatePCBackUp.exe:*:Enabled:TrueUpdate 2.0 Client -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\pvsw\bin\w3dbsmgr.exe" = C:\pvsw\bin\w3dbsmgr.exe:*:Enabled:w3dbsmgr -- ()
"C:\pvsw\bin\w3lgo103.exe" = C:\pvsw\bin\w3lgo103.exe:*:Enabled:w3lgo103 -- (Pervasive Software Inc.)
"C:\Program Files\Common Files\Peach\V1200\pHttpXfr12.exe" = C:\Program Files\Common Files\Peach\V1200\pHttpXfr12.exe:*:Enabled:pHttpXfr12 -- (Peachtree Software, Inc.)
"C:\Program Files\Common Files\Peach\V1200\OUDownld12.exe" = C:\Program Files\Common Files\Peach\V1200\OUDownld12.exe:*:Enabled:OUDownld12 -- (Peachtree Software)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal -- File not found
"C:\Documents and Settings\Nick\Desktop\utorrent.exe" = C:\Documents and Settings\Nick\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Crystal Decisions\Crystal Reports for Peachtree\crw32.exe" = C:\Program Files\Crystal Decisions\Crystal Reports for Peachtree\crw32.exe:*:Enabled:Crystal Reports -- (Crystal Decisions)
"\\Server\ShipManager\BIN\PocClientNew.exe" = \\Server\ShipManager\BIN\PocClientNew.exe:*:Enabled:PocClientNew.exe
"\\Server\FedEx\ShipManager\BIN\PocClientNew.exe" = \\Server\FedEx\ShipManager\BIN\PocClientNew.exe:*:Enabled:PocClientNew.exe
"\\Server\FedEx\ShipManager\BIN\poc.exe" = \\Server\FedEx\ShipManager\BIN\poc.exe:*:Enabled:poc.exe
"\\Server\FedEx\ShipManager\BIN\BridgeServer.exe" = \\Server\FedEx\ShipManager\BIN\BridgeServer.exe:*:Enabled:BridgeServer.exe
"C:\Program Files\Sage Software\Peachtree\peachw.exe" = C:\Program Files\Sage Software\Peachtree\peachw.exe:*:Enabled:Peachtree Premium Accounting for Distribution 2007 -- (Sage Software SB, Inc.)
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Program Files\Client Software(V4.0)\NetAPPSoft.exe" = C:\Program Files\Client Software(V4.0)\NetAPPSoft.exe:*:Enabled:NetAPPSoft Microsoft ??????? -- ()
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe -- (Microsoft Corporation)
"C:\Program Files\ProxyWay\proxyway.exe" = C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay -- File not found
"C:\Documents and Settings\Nick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Nick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\TD AMERITRADE\StrategyDesk\StrategyDesk.exe" = C:\Program Files\TD AMERITRADE\StrategyDesk\StrategyDesk.exe:*:Enabled:StrategyDesk -- (TD AMERITRADE Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0736311A-BCF5-4F80-AC0F-FE4E55DBF969}" = Peachtree Accounting 2008
"{1015A892-D3E8-4D56-A453-E93EBE762EC1}" = Check Site Relay 3.0.6
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53952F34-D003-4854-B260-4361F0E323D9}" = LoanAmortizer Enterprise Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54171166-15FF-4B93-A1C3-6ABE58ED2F2C}" = FedEx Ship Manager Network Client
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D0471CF-753B-4DCC-9E3A-5614D4276D9D}" = ACT! Link for Peachtree
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}" = Crystal Reports for Peachtree
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88164D59-4FFD-4874-93BC-5E001A7938F3}" = MySQL Connector/ODBC 3.51
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B57EB2-756E-48DE-86B9-6CD3B97B2490}" = Client software(v4.0)
"{926933C7-B2B4-4CF9-8659-7026913FC032}" = QBXMLRP2
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{99D5EF59-CF6F-4030-901B-4DDDB7F99403}" = Presto! PageManager 7.10
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.0
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41E5038-88CE-466F-A01C-0AE65B5FE1F2}" = ACT! by Sage 2008 (10.0)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CBCFA327-5AED-4159-B04B-7543F10FFFFD}" = TD AMERITRADE StrategyDesk 3.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D51D0886-C933-4ECC-934B-120EF6844F91}" = PTACT
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader / Flash Disk
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8B5BDDD-4E04-4477-A018-61DCE6186BD3}" = Founder MobileOffice Z28d Corporate
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC3A90ED-68FC-47F9-B94B-72E4E46EC813}" = DigiDoc Scanner
"{FFA2B2B6-3BDE-4728-B404-A16E0F853F6A}" = Microsoft Office Live Meeting 2005
"Ace Utilities_is1" = Ace Utilities
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CCleaner" = CCleaner (remove only)
"Core FTP LE 2.1" = Core FTP LE 2.1
"eMachineShop" = eMachineShop
"FileZilla Client" = FileZilla Client 3.2.8.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0736311A-BCF5-4F80-AC0F-FE4E55DBF969}" = Peachtree Premium Accounting for Distribution 2008
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{C41E5038-88CE-466F-A01C-0AE65B5FE1F2}" = ACT! by Sage 2008 (10.0)
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"Integration Services" = Sage Software Integration Services
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)" = Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2005
"Peachtree Premium Accounting for Distribution" = Peachtree Premium Accounting for Distribution 2008
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TD AMERITRADE StrategyDesk 1.3" = TD AMERITRADE StrategyDesk 1.3
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"Trade-Ideas Pro_is1" = Trade-Ideas Pro 2.1.4
"VectorEngineer Quick-Tools" = VectorEngineer Quick-Tools
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2ec9e9d1bf522caa" = FedEx Desktop Customer Tools
"GoToMeeting" = GoToMeeting 4.1.0.366
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Options 360" = Options 360
"Options 360™" = Options 360™
"SmartDraw 2007" = SmartDraw 2007

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/28/2009 1:51:59 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 12/28/2009 1:51:59 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 12/28/2009 1:51:59 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 12/28/2009 1:51:59 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 1/13/2010 8:43:36 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 1/13/2010 8:43:36 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 1/27/2010 6:02:20 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 2/4/2010 7:50:38 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 2/4/2010 7:50:39 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

Error - 2/4/2010 7:50:53 PM | Computer Name = AUTOLINE-DFA816 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/8/2010 7:40:32 PM | Computer Name = AUTOLINE-DFA816 | Source = Desktop History Queue Provider | ID = 0
Description = The process cannot access the file 'C:\Documents and Settings\Nick\Application
Data\ACT\ACT For Windows 10\HistoryQueue\tmp447.xml' because it is being used by
another process.

Error - 3/9/2010 12:46:41 AM | Computer Name = AUTOLINE-DFA816 | Source = Desktop History Queue Provider | ID = 0
Description = The process cannot access the file 'C:\Documents and Settings\Nick\Application
Data\ACT\ACT For Windows 10\HistoryQueue\tmp57E.xml' because it is being used by
another process.

Error - 3/9/2010 2:00:42 AM | Computer Name = AUTOLINE-DFA816 | Source = Desktop History Queue Provider | ID = 0
Description = The process cannot access the file 'C:\Documents and Settings\Nick\Application
Data\ACT\ACT For Windows 10\HistoryQueue\tmp62B.xml' because it is being used by
another process.

Error - 3/9/2010 5:11:26 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Error | ID = 1000
Description = Faulting application peachw.exe, version 2008.0.3.1823, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0004482a.

Error - 3/9/2010 5:11:26 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Error | ID = 1000
Description = Faulting application peachw.exe, version 2008.0.3.1823, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000449cf.

Error - 3/9/2010 6:25:12 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2008.0.3.1823, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2010 6:43:10 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2008.0.3.1823, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2010 6:44:34 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2008.0.3.1823, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2010 10:51:05 PM | Computer Name = AUTOLINE-DFA816 | Source = Desktop History Queue Provider | ID = 0
Description = The process cannot access the file 'C:\Documents and Settings\Nick\Application
Data\ACT\ACT For Windows 10\HistoryQueue\tmp123.xml' because it is being used by
another process.

Error - 3/10/2010 8:07:12 PM | Computer Name = AUTOLINE-DFA816 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.36.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/4/2010 2:25:44 PM | Computer Name = AUTOLINE-DFA816 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 3/8/2010 12:21:47 PM | Computer Name = AUTOLINE-DFA816 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4128E57F-CEB2-4BD4-AFC1-0FB1A20A4493}. The
backup browser is stopping.

Error - 3/9/2010 7:09:19 PM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/9/2010 7:11:21 PM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/9/2010 7:11:27 PM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7022
Description = The ForceWare IP service service hung on starting.

Error - 3/9/2010 7:37:56 PM | Computer Name = AUTOLINE-DFA816 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 3/9/2010 8:41:56 PM | Computer Name = AUTOLINE-DFA816 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 3/10/2010 6:17:07 AM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/10/2010 6:18:28 AM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/10/2010 6:18:31 AM | Computer Name = AUTOLINE-DFA816 | Source = Service Control Manager | ID = 7022
Description = The ForceWare IP service service hung on starting.


< End of report >


---------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 3/10/2010 5:07:24 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 235.66 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive Y: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 156.48 Gb Free Space | 52.49% Space Free | Partition Type: NTFS

Computer Name: AUTOLINE-DFA816
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2010/02/11 11:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/05 10:51:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/04 15:57:58 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/04 15:57:56 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/13 17:28:00 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/11/13 17:27:40 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/18 22:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/06/25 10:58:40 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\act\Act for Windows\Act.Outlook.Service.exe
PRC - [2008/06/19 16:13:33 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/24 19:52:38 | 027,430,912 | R--- | M] (Sage Software SB, Inc.) -- C:\Program Files\Sage Software\Peachtree\peachw.exe
PRC - [2007/09/13 16:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007/07/17 13:46:20 | 001,328,400 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2007/05/09 16:58:30 | 000,233,579 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/21 17:43:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Cyclope Server\CyclopeServer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/10/16 21:17:16 | 001,941,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/16 21:13:32 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/16 21:12:20 | 001,164,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/10/11 22:50:35 | 000,008,192 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2006/05/25 18:07:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/05/25 18:05:50 | 000,172,086 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2002/06/06 14:20:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\Dit.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/04 15:57:56 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/13 17:28:00 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/21 17:43:20 | 000,155,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyclope Server\CyclopeServer.exe -- (CyclopeServer)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/10/11 22:50:35 | 000,008,192 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)
SRV - [2006/05/25 18:07:50 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/05/25 18:05:50 | 000,172,086 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 11:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 11:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 11:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 11:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 11:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 11:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 06:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/13 17:27:43 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/17 08:52:56 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/07/20 15:29:09 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/07/20 15:29:09 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/07/20 15:29:05 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2006/08/14 23:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/16 04:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/16 04:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/05/16 04:24:52 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/05/01 02:27:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/28 02:01:34 | 003,530,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/20 07:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/11 03:11:32 | 000,016,640 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005/02/11 03:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {4B7860A0-8F35-4AAF-A227-89B4D0F352F1}:1.9.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.3
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100207
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.74
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1}: C:\Documents and Settings\Nick\Local Settings\Application Data\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1} [2010/02/04 17:13:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 16:15:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:44:07 | 000,000,000 | ---D | M]

[2008/02/19 09:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Extensions
[2010/03/09 18:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions
[2009/09/02 16:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/22 08:57:55 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/02/07 21:44:38 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/07 21:44:36 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/02/07 21:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\chromifox@altmusictv.com
[2010/02/07 21:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\nasanightlaunch@example.com
[2010/01/15 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\personas@christopher.beard
[2009/06/18 11:50:51 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\searchplugins\aim-search.xml
[2010/03/09 18:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/24 09:47:40 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/06/24 09:47:41 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/06/24 09:47:39 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/08/09 17:50:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/02/18 16:25:35 | 000,380,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13117 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software SB, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SystemRestore] C:\WINDOWS\SysRestore\SystemRestore.DLL (SysRestore)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiDoc.lnk = C:\Program Files\Founder\MobileOffice Z28d Corporate\DigiDoc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: ameritrade.com ([wwws] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: grimyglendale.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: nxcore.net ([bar1] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: nxcore.net ([bar2] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade01] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade02] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade03] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade04] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: tdameritrade.com ([apis] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range78 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range79 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range80 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range81 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range82 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range83 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range84 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range85 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range86 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range87 ([*] in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1176756738906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3CF5F1B-C29E-4D21-B695-E1B0E1CB6EC9} http://192.168.1.64/codebase/NewHCNetActiveX.cab (Newocx Control)
O18 - Protocol\Handler\ActLink {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - C:\Program Files\act\Act for Windows\Plugins\actlink.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/30 15:44:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/03 18:38:10 | 000,000,000 | ---D | M] - W:\Autoline-database files -- [ NTFS ]
O32 - Unable to obtain root file information for disk W:\
O32 - AutoRun File - [2009/10/26 10:00:37 | 000,000,000 | ---D | M] - Y:\autobackup -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/30 15:44:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe - (Research In Motion Limited)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk - C:\pvsw\bin\w3dbsmgr.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 16:38:37 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/03/09 17:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\st184
[2010/03/09 16:16:57 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/17 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/17 15:44:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/15 12:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\Wells Fargo
[2010/02/11 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2010/02/10 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/10 14:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/09 15:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Office Genuine Advantage
[2010/02/09 15:02:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nick\Recent
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/09 14:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/11/13 17:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/08/06 18:15:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/29 09:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/10 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/10/15 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 17:09:32 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/03/10 15:59:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/10 15:59:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/10 15:59:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/10 15:59:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/10 15:59:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/10 10:08:46 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/10 10:08:44 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Nick\pool.bin
[2010/03/10 10:08:20 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/10 10:08:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/10 10:08:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/10 03:17:07 | 000,113,972 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
[2010/03/10 03:16:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 03:16:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/10 03:15:51 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
[2010/03/10 03:15:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2010/03/09 21:13:33 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Ksport PO Form#100303.xls
[2010/03/09 19:29:07 | 000,712,358 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/09 19:29:07 | 000,579,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/09 19:29:07 | 000,121,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/09 16:40:30 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 22:50:57 | 000,225,301 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DSC08040 copy.jpg
[2010/03/08 22:50:55 | 000,169,676 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DSC08033 copy.jpg
[2010/03/08 19:36:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\development list.xls
[2010/03/08 17:16:49 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\agreement JA#5.doc
[2010/03/08 17:04:03 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SE20100208(purchasing order#646,#652).xls
[2010/03/08 16:40:44 | 000,000,039 | ---- | M] () -- C:\WINDOWS\PocClientNew.INI
[2010/03/06 16:46:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/05 15:46:03 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\inv.xls
[2010/03/05 09:03:33 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Nick\options360.properties
[2010/03/04 14:54:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Default.rdp
[2010/03/04 11:22:52 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/03 20:50:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/25 09:52:38 | 000,114,533 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Subaru 93~98.pdf
[2010/02/23 15:53:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 15:43:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 10:54:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/19 14:42:41 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Home (Ksport).URL
[2010/02/19 14:26:15 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to Matt To Do.xls.lnk
[2010/02/18 16:25:35 | 000,380,725 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/11 13:04:33 | 003,126,354 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NicholasJackson_Equifax-2010.pdf
[2010/02/11 12:09:43 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Options 360.lnk
[2010/02/11 11:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 11:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 11:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 11:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 11:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 11:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 11:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 11:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 11:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 11:10:05 | 000,575,387 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\RESOLUTION_REQUEST_PACKAGE.pdf
[2010/02/10 17:26:57 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Problems.doc
[2010/02/10 13:20:18 | 000,379,023 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100218-162535.backup
[2010/02/09 16:03:55 | 000,658,844 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\tools_sbf_finasst413.pdf
[2010/02/09 13:07:17 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Spybot - Search & Destroy.lnk
[2010/02/09 12:42:15 | 000,000,089 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/09 12:28:51 | 000,379,063 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100210-132018.backup
[2010/02/09 12:05:15 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Ace Utilities.lnk
[2010/02/09 10:45:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bguyakiheva.dat
[2010/02/09 08:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pvizaneya.bin
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 22:50:57 | 000,225,301 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DSC08040 copy.jpg
[2010/03/08 22:50:55 | 000,169,676 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DSC08033 copy.jpg
[2010/03/08 19:35:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\development list.xls
[2010/03/08 17:08:36 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\agreement JA#5.doc
[2010/03/08 17:04:03 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SE20100208(purchasing order#646,#652).xls
[2010/03/05 15:46:03 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\inv.xls
[2010/03/03 20:19:13 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Ksport PO Form#100303.xls
[2010/02/25 09:52:38 | 000,114,533 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Subaru 93~98.pdf
[2010/02/23 15:43:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 14:42:41 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Home (Ksport).URL
[2010/02/19 14:26:15 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to Matt To Do.xls.lnk
[2010/02/11 13:04:33 | 003,126,354 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NicholasJackson_Equifax-2010.pdf
[2010/02/11 12:09:43 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Options 360.lnk
[2010/02/11 11:10:04 | 000,575,387 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\RESOLUTION_REQUEST_PACKAGE.pdf
[2010/02/10 16:04:53 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Problems.doc
[2010/02/10 14:56:30 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/09 14:40:49 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/09 12:42:15 | 000,000,089 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/09 12:24:46 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Spybot - Search & Destroy.lnk
[2010/02/09 12:05:15 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Ace Utilities.lnk
[2009/09/28 13:07:07 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/09/28 13:07:07 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/09/28 11:49:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009/09/28 11:47:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009/09/28 10:20:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/08 17:37:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/08/28 14:38:49 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\rx_audio.Cache
[2008/08/06 15:09:14 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ptact150.ini
[2008/08/06 15:09:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/07/03 15:07:21 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/07/03 15:07:21 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\791F852D7E.sys
[2008/07/03 15:07:14 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Nick\Application Data\ActUpdate.log
[2008/06/28 13:24:27 | 000,009,845 | ---- | C] () -- C:\WINDOWS\System32\mswonioee.dll
[2008/06/17 12:31:11 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/31 12:52:24 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2008/02/28 15:13:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/02/28 15:13:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/02/28 15:12:40 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/02/28 15:12:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/02/28 15:12:36 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/02/28 12:15:07 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\playm4.dll
[2008/01/01 23:32:20 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\BUICSCAN.INI
[2007/12/05 05:00:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mstocioed.dll
[2007/10/15 17:33:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Dit.dll
[2007/10/15 17:33:35 | 000,000,257 | ---- | C] () -- C:\WINDOWS\Dit.ini
[2007/09/13 13:32:32 | 000,001,334 | ---- | C] () -- C:\WINDOWS\stock.INI
[2007/08/29 02:07:34 | 000,001,757 | ---- | C] () -- C:\WINDOWS\PPAD150.ini
[2007/08/13 12:11:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/10 15:20:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\langchg.dll
[2007/07/25 09:55:18 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\ShowHCRemCfgWnd.dll
[2007/07/20 16:01:31 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PocClientNew.INI
[2007/06/01 13:33:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_ENG.dll
[2007/03/30 17:03:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\fusioncache.dat
[2007/02/15 18:17:35 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/01 14:22:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_TRAD.dll
[2007/02/01 14:13:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_CHI.dll
[2007/01/29 14:58:39 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/01/22 11:54:56 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\HCNetSDK.dll
[2006/12/13 16:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/12/12 13:43:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tracklogic.INI
[2006/12/12 08:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ADMINSVC.INI
[2006/12/06 16:03:44 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/01 09:38:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\absdatasvc.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\revservice.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\comm.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\applogic.INI
[2006/11/30 17:58:42 | 000,000,039 | ---- | C] () -- C:\WINDOWS\poc.INI
[2006/11/30 17:29:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/30 17:19:15 | 000,000,985 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/30 17:04:38 | 000,001,582 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/30 15:58:13 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/30 15:58:05 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/30 15:51:11 | 000,000,258 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2006/10/12 01:50:16 | 000,001,758 | ---- | C] () -- C:\WINDOWS\PPAD140.INI_upg2008
[2005/12/28 02:01:54 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/28 02:01:54 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/28 02:01:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/28 02:01:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/28 02:01:44 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/28 02:01:44 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/28 02:01:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/07/28 11:32:32 | 000,005,291 | ---- | C] () -- C:\WINDOWS\System32\DCCAPI.ini
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/04/02 14:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2003/02/18 09:28:14 | 000,003,033 | ---- | C] () -- C:\WINDOWS\PCW120.INI_upg2007
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/10 14:34:34 | 001,310,720 | ---- | C] () -- C:\WINDOWS\System32\Veceng52.dll
[2002/06/10 14:29:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\arrgrid.dll
[2002/05/21 12:29:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\bmw.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 03:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/12 16:55:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/12 16:55:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/12 16:55:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/12 16:55:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/05/01 02:27:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/02/11 03:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: PROQUOTA.EXE >
[2006/02/28 05:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >
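
The "< MD5 for: ... >" custom scans in the log above compare the hash of the driver Windows is actually loading from system32\drivers with the copies kept in ServicePackFiles\i386 and Driver Cache\i386. As an added illustration, not code from the thread or from OTL, the Python below reimplements that check over a constructed directory tree: the paths, the driver bytes and the one deliberately altered copy are all made up for the demo, so it runs on any OS. Two caveats a practitioner would attach to the real scan: the $NtServicePackUninstall$ copy is the pre-SP3 build, so on an SP3 system it is expected to differ from the live driver (as atapi.sys does in the log), and a kernel-mode rootkit that hooks the disk stack can hand user-mode readers the original bytes, so a matching hash taken from inside the running system is reassuring but not conclusive.

```python
"""Driver-integrity check in the style of OTL's '< MD5 for: ... >' custom scan.

Added example, not code from the thread or from OTL. The directory layout, the
driver contents and the single altered copy are constructed for the demo.
"""
import hashlib
import os
import tempfile

# Reference copies Windows XP keeps of a service-pack driver (relative to %SystemRoot%).
REFERENCE_DIRS = (
    os.path.join("ServicePackFiles", "i386"),
    os.path.join("Driver Cache", "i386"),
)
DRIVER_DIR = os.path.join("system32", "drivers")


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large drivers need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def audit_driver(root, name):
    """Compare root/system32/drivers/<name> with every reference copy that exists.

    Returns the live hash, the reference paths that match it, and the reference
    paths whose hash differs (the ones worth examining).
    """
    live = md5_of(os.path.join(root, DRIVER_DIR, name))
    matches, mismatches = [], []
    for ref_dir in REFERENCE_DIRS:
        ref = os.path.join(root, ref_dir, name)
        if not os.path.exists(ref):
            continue  # not every driver has a copy in every cache
        (matches if md5_of(ref) == live else mismatches).append(ref)
    return {"live_md5": live, "matches": matches, "mismatches": mismatches}


def build_sample_root():
    """Construct a fake %SystemRoot% in a temp dir (constructed data, not real drivers).

    agp440.sys is identical everywhere; the live atapi.sys has the same size as its
    cached copies but different bytes, which is the shape a patched driver takes.
    """
    root = tempfile.mkdtemp(prefix="otl-md5-demo-")
    original = b"MZ" + bytes(range(256)) * 4   # stand-in for a 1026-byte driver image
    altered = original[:-64] + b"\x90" * 64    # same length, tail overwritten
    layout = {
        (DRIVER_DIR, "agp440.sys"): original,
        (REFERENCE_DIRS[0], "agp440.sys"): original,
        (DRIVER_DIR, "atapi.sys"): altered,
        (REFERENCE_DIRS[0], "atapi.sys"): original,
        (REFERENCE_DIRS[1], "atapi.sys"): original,
    }
    for (sub, name), data in layout.items():
        path = os.path.join(root, sub, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)
    return root


def demo():
    """Run the audit over the constructed tree; returns {driver_name: audit result}."""
    root = build_sample_root()
    return {name: audit_driver(root, name) for name in ("agp440.sys", "atapi.sys")}


if __name__ == "__main__":
    for name, result in demo().items():
        status = "OK" if not result["mismatches"] else "MISMATCH"
        print(f"{name}: live MD5 {result['live_md5']} -> {status}, "
              f"{len(result['matches'])} matching reference copy(ies)")
```

On a real XP box you would point `root` at C:\WINDOWS and compare the hex digests against the values OTL prints; a live driver whose hash matches neither cached copy of the same service-pack level is the case to escalate.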


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:11 PM

Posted 10 March 2010 - 07:50 PM

I don't see much in your logs. Can you tell me what problems you are currently having?

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



#5 ksport

ksport
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:11 AM

Posted 10 March 2010 - 11:36 PM

I was infected with the Internet Security 2010 virus. After about a week I got it all removed, but when I click on links on Google it still gets redirected to spam sites.

And it's strange: I ran MBAM a lot of times, but after the update today it just found more items. The post is below.

And I see you said you didn't see anything, but I notice the strange links from the above post. Are these normal?

O1 HOSTS File: ([2010/02/18 16:25:35 | 000,380,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13117 more lines...
But here is the MBAM report:

Malwarebytes' Anti-Malware 1.44
Database version: 3850
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/10/2010 9:32:23 PM
mbam-log-2010-03-10 (21-32-23).txt

Scan type: Quick Scan
Objects scanned: 135988
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
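
Two things in the post above are worth decoding, as an added note rather than anything from the thread. A hosts entry that maps a name to 127.0.0.1 (or 0.0.0.0) sinkholes that name; blocklists such as the one Spybot's Immunize feature installs add thousands of such lines, which is why a 380 KB read-only hosts file full of 127.0.0.1 entries can be benign. A hosts-based hijack has the opposite shape: a legitimate name mapped to an address that is not loopback. In the MBAM lines, the values under ZoneMap\Domains are Internet Explorer URL-zone IDs (2 = Trusted sites, 4 = Restricted sites), so "Bad: (2) Good: (4)" means the rogue's domains had been placed in the Trusted zone and MBAM moved them to Restricted. The Python below is example code, not from the thread, OTL or MBAM; it parses both formats. The sample hosts lines are copied from the post except the three mapped to 203.0.113.10, which are constructed to show what a hijack looks like, and the WATCHLIST of names is an assumption.

```python
"""Decode the two findings from the post above: hosts-file entries and MBAM ZoneMap hits.

Added example, not code from the thread, OTL or MBAM. Sample lines are copied from
the post except the three 203.0.113.10 entries, which are CONSTRUCTED to show a hijack.
"""
import re
from ipaddress import ip_address

# Internet Explorer URL-zone IDs stored under ...\Internet Settings\ZoneMap\Domains.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Names a hijacker would want to redirect; an assumed watchlist, extend as needed.
WATCHLIST = ("google.", "bing.", "microsoft.", "windowsupdate.", "avast.", "malwarebytes.")

_HOSTS_ENTRY = re.compile(r"^(?:O1 - Hosts:\s*)?(\S+)\s+(\S+)")
_ZONEMAP_HIT = re.compile(
    r"ZoneMap\\Domains\\(?P<domain>[^\\]+)\\(?P<scheme>\w+) \(Hijack\.TrustedZone\)"
    r" -> Bad: \((?P<bad>\d)\) Good: \((?P<good>\d)\)")


def classify_hosts(text):
    """Split hosts entries into sinkholes (loopback/unspecified target) and redirects.

    Accepts raw hosts-file lines and OTL's 'O1 - Hosts:' prefixed lines. Comments,
    the O1 header and OTL's '... more lines' marker are skipped because the token
    in the address position does not parse as an IP address.
    """
    sinkholed, redirected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = _HOSTS_ENTRY.match(line)
        if not match:
            continue
        target, name = match.groups()
        try:
            addr = ip_address(target)
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified:
            sinkholed.append(name)
        else:
            redirected.append((name, target))
    return sinkholed, redirected


def flag_redirects(redirected):
    """Redirects that point a watch-listed name somewhere other than loopback."""
    return [(name, target) for name, target in redirected
            if any(marker in name.lower() for marker in WATCHLIST)]


def decode_zonemap(mbam_text):
    """Turn MBAM Hijack.TrustedZone lines into (domain, scheme, zone_before, zone_after)."""
    return [(m["domain"], m["scheme"], ZONE_NAMES[int(m["bad"])], ZONE_NAMES[int(m["good"])])
            for m in _ZONEMAP_HIT.finditer(mbam_text)]


# Lines from the post, plus three CONSTRUCTED hijack entries using a documentation-only
# address (TEST-NET-3) so the sample resolves nowhere real.
SAMPLE_HOSTS = """\
O1 HOSTS File: ([2010/02/18 16:25:35 | 000,380,725 | R--- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 203.0.113.10 www.google.com
O1 - Hosts: 203.0.113.10 google.com
O1 - Hosts: 203.0.113.10 www.avast.com
O1 - Hosts: 13117 more lines...
"""

# The three registry data items exactly as MBAM reported them in the post.
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    sinkholed, redirected = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(sinkholed)} sinkhole entries, {len(redirected)} redirects")
    for name, target in flag_redirects(redirected):
        print(f"  SUSPECT: {name} -> {target}")
    for domain, scheme, before, after in decode_zonemap(SAMPLE_MBAM):
        print(f"  {scheme}://{domain}: {before} -> {after}")
```

Against the real file you would feed `classify_hosts` the whole C:\WINDOWS\system32\drivers\etc\hosts; thousands of sinkholes with an empty `flag_redirects` result is the benign pattern, and even one watch-listed name with a non-loopback target is the one to investigate. Note that a Trusted-zone entry does not by itself redirect anything; it relaxes IE's security settings for that domain, which is why MBAM classes it as a hijack of the zone rather than of navigation.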
#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:11 PM

Posted 11 March 2010 - 06:15 PM

Run OTL again and post the new log please.

QUOTE
I notice the strange links from the above post, are these normal??

Yes



#7 ksport

ksport
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:11 AM

Posted 11 March 2010 - 10:49 PM

Thanks for your help, I really appreciate it a lot.

OTL logfile created on: 3/11/2010 8:43:31 PM - Run 2
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 26.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 235.51 Gb Free Space | 84.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 298.09 Gb Total Space | 164.58 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 164.58 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive Y: | 298.09 Gb Total Space | 164.58 Gb Free Space | 55.21% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 164.58 Gb Free Space | 55.21% Space Free | Partition Type: NTFS

Computer Name: AUTOLINE-DFA816
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2010/02/11 11:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/05 10:51:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/04 15:57:58 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/04 15:57:56 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/13 17:28:00 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/11/13 17:27:40 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/18 22:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/06/25 10:58:40 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\act\Act for Windows\Act.Outlook.Service.exe
PRC - [2008/06/19 16:13:33 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/24 19:52:38 | 027,430,912 | R--- | M] (Sage Software SB, Inc.) -- C:\Program Files\Sage Software\Peachtree\peachw.exe
PRC - [2007/09/13 16:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007/07/17 13:46:20 | 001,328,400 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2007/05/09 16:58:30 | 000,233,579 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/21 17:43:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Cyclope Server\CyclopeServer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/10/16 21:17:16 | 001,941,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/16 21:13:32 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/16 21:12:20 | 001,164,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/10/11 22:50:35 | 000,008,192 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/08/31 16:56:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2006/05/25 18:07:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/05/25 18:05:50 | 000,172,086 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2002/06/06 14:20:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\Dit.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 11:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/04 15:57:56 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/13 17:28:00 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/21 17:43:20 | 000,155,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyclope Server\CyclopeServer.exe -- (CyclopeServer)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/16 21:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/10/11 22:50:35 | 000,008,192 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)
SRV - [2006/05/25 18:07:50 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/05/25 18:05:50 | 000,172,086 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 11:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 11:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 11:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 11:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 11:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 11:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 06:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/13 17:27:43 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/17 08:52:56 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/07/20 15:29:09 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/07/20 15:29:09 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/07/20 15:29:05 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2006/08/14 23:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/16 04:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/16 04:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/05/16 04:24:52 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/05/01 02:27:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/28 02:01:34 | 003,530,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/20 07:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/11 03:11:32 | 000,016,640 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005/02/11 03:11:02 | 000,089,856 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {4B7860A0-8F35-4AAF-A227-89B4D0F352F1}:1.9.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.3
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100207
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.74
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1}: C:\Documents and Settings\Nick\Local Settings\Application Data\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1} [2010/02/04 17:13:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 16:15:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:44:07 | 000,000,000 | ---D | M]

[2008/02/19 09:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Extensions
[2010/03/11 19:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions
[2009/09/02 16:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/22 08:57:55 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/02/07 21:44:38 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/07 21:44:36 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/02/07 21:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\chromifox@altmusictv.com
[2010/02/07 21:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\nasanightlaunch@example.com
[2010/01/15 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\personas@christopher.beard
[2009/06/18 11:50:51 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\searchplugins\aim-search.xml
[2010/03/11 19:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/24 09:47:40 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/06/24 09:47:41 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/06/24 09:47:39 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/08/09 17:50:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/02/18 16:25:35 | 000,380,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13117 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software SB, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SystemRestore] C:\WINDOWS\SysRestore\SystemRestore.DLL (SysRestore)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiDoc.lnk = C:\Program Files\Founder\MobileOffice Z28d Corporate\DigiDoc.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: ameritrade.com ([wwws] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: grimyglendale.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: nxcore.net ([bar1] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: nxcore.net ([bar2] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade01] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade02] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade03] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: streamer.com ([ameritrade04] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Domains: tdameritrade.com ([apis] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range78 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range79 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range80 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range81 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range82 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range83 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range84 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range85 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range86 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1343024091-839522115-1003\..Trusted Ranges: Range87 ([*] in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1176756738906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3CF5F1B-C29E-4D21-B695-E1B0E1CB6EC9} http://192.168.1.64/codebase/NewHCNetActiveX.cab (Newocx Control)
O18 - Protocol\Handler\ActLink {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - C:\Program Files\act\Act for Windows\Plugins\actlink.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/30 15:44:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/03 18:38:10 | 000,000,000 | ---D | M] - W:\Autoline-database files -- [ NTFS ]
O32 - Unable to obtain root file information for disk W:\
O32 - AutoRun File - [2009/10/26 10:00:37 | 000,000,000 | ---D | M] - Y:\autobackup -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 10:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/10 16:38:37 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/03/09 17:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\st184
[2010/03/09 16:16:57 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/17 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/17 15:44:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/15 12:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop\Wells Fargo
[2010/02/11 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2010/02/10 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/10 14:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/11/13 17:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/08/06 18:15:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/29 09:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/10 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/10/15 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 20:35:36 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/11 16:11:31 | 000,762,491 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\IMG_0672.JPG
[2010/03/11 15:58:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/11 15:58:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/11 09:59:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/11 09:59:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/11 09:59:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/10 21:41:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/10 21:40:11 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/10 21:40:07 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Nick\pool.bin
[2010/03/10 21:39:48 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/10 21:39:33 | 000,114,712 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
[2010/03/10 21:39:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/10 21:39:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 21:39:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/10 21:38:09 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
[2010/03/10 21:38:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2010/03/10 20:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/10 16:38:49 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/03/09 21:13:33 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Ksport PO Form#100303.xls
[2010/03/09 19:29:07 | 000,712,358 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/09 19:29:07 | 000,579,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/09 19:29:07 | 000,121,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/09 16:40:30 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 22:50:57 | 000,225,301 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DSC08040 copy.jpg
[2010/03/08 22:50:55 | 000,169,676 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DSC08033 copy.jpg
[2010/03/08 19:36:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\development list.xls
[2010/03/08 17:16:49 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\agreement JA#5.doc
[2010/03/08 17:04:03 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SE20100208(purchasing order#646,#652).xls
[2010/03/08 16:40:44 | 000,000,039 | ---- | M] () -- C:\WINDOWS\PocClientNew.INI
[2010/03/06 16:46:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/05 15:46:03 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\inv.xls
[2010/03/05 09:03:33 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Nick\options360.properties
[2010/03/04 14:54:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Default.rdp
[2010/03/04 11:22:52 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/25 09:52:38 | 000,114,533 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Subaru 93~98.pdf
[2010/02/23 15:53:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 15:43:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 10:54:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/19 14:42:41 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Home (Ksport).URL
[2010/02/19 14:26:15 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to Matt To Do.xls.lnk
[2010/02/18 16:25:35 | 000,380,725 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/11 13:04:33 | 003,126,354 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NicholasJackson_Equifax-2010.pdf
[2010/02/11 12:09:43 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Options 360.lnk
[2010/02/11 11:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 11:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 11:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 11:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 11:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 11:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 11:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 11:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 11:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 11:10:05 | 000,575,387 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\RESOLUTION_REQUEST_PACKAGE.pdf
[2010/02/10 17:26:57 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Problems.doc
[2010/02/10 13:20:18 | 000,379,023 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100218-162535.backup
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 16:11:31 | 000,762,491 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\IMG_0672.JPG
[2010/03/08 22:50:57 | 000,225,301 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DSC08040 copy.jpg
[2010/03/08 22:50:55 | 000,169,676 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DSC08033 copy.jpg
[2010/03/08 19:35:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\development list.xls
[2010/03/08 17:08:36 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\agreement JA#5.doc
[2010/03/08 17:04:03 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SE20100208(purchasing order#646,#652).xls
[2010/03/05 15:46:03 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\inv.xls
[2010/03/03 20:19:13 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Ksport PO Form#100303.xls
[2010/02/25 09:52:38 | 000,114,533 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Subaru 93~98.pdf
[2010/02/23 15:43:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 14:42:41 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Home (Ksport).URL
[2010/02/19 14:26:15 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to Matt To Do.xls.lnk
[2010/02/11 13:04:33 | 003,126,354 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NicholasJackson_Equifax-2010.pdf
[2010/02/11 12:09:43 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Options 360.lnk
[2010/02/11 11:10:04 | 000,575,387 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\RESOLUTION_REQUEST_PACKAGE.pdf
[2010/02/10 16:04:53 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Problems.doc
[2010/02/10 14:56:30 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/09 12:42:15 | 000,000,089 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/28 13:07:07 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/09/28 13:07:07 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/09/28 11:49:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009/09/28 11:47:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009/09/28 10:20:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/08 17:37:13 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/08/28 14:38:49 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\rx_audio.Cache
[2008/08/06 15:09:14 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ptact150.ini
[2008/08/06 15:09:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/07/03 15:07:21 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/07/03 15:07:21 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\791F852D7E.sys
[2008/07/03 15:07:14 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Nick\Application Data\ActUpdate.log
[2008/06/28 13:24:27 | 000,009,845 | ---- | C] () -- C:\WINDOWS\System32\mswonioee.dll
[2008/06/17 12:31:11 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/31 12:52:24 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2008/02/28 15:13:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/02/28 15:13:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/02/28 15:12:40 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/02/28 15:12:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/02/28 15:12:36 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/02/28 12:15:07 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\playm4.dll
[2008/01/01 23:32:20 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\BUICSCAN.INI
[2007/12/05 05:00:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mstocioed.dll
[2007/10/15 17:33:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Dit.dll
[2007/10/15 17:33:35 | 000,000,257 | ---- | C] () -- C:\WINDOWS\Dit.ini
[2007/09/13 13:32:32 | 000,001,334 | ---- | C] () -- C:\WINDOWS\stock.INI
[2007/08/29 02:07:34 | 000,001,757 | ---- | C] () -- C:\WINDOWS\PPAD150.ini
[2007/08/13 12:11:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/10 15:20:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\langchg.dll
[2007/07/25 09:55:18 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\ShowHCRemCfgWnd.dll
[2007/07/20 16:01:31 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PocClientNew.INI
[2007/06/01 13:33:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_ENG.dll
[2007/03/30 17:03:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\fusioncache.dat
[2007/02/15 18:17:35 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/01 14:22:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_TRAD.dll
[2007/02/01 14:13:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RemoteCfgRes_CHI.dll
[2007/01/29 14:58:39 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/01/22 11:54:56 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\HCNetSDK.dll
[2006/12/13 16:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/12/12 13:43:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tracklogic.INI
[2006/12/12 08:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ADMINSVC.INI
[2006/12/06 16:03:44 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/01 09:38:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\absdatasvc.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\revservice.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\comm.INI
[2006/11/30 18:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\applogic.INI
[2006/11/30 17:58:42 | 000,000,039 | ---- | C] () -- C:\WINDOWS\poc.INI
[2006/11/30 17:29:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/30 17:19:15 | 000,000,985 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/30 17:04:38 | 000,001,582 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/30 15:58:13 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/30 15:58:05 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/30 15:51:11 | 000,000,258 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2006/10/12 01:50:16 | 000,001,758 | ---- | C] () -- C:\WINDOWS\PPAD140.INI_upg2008
[2005/12/28 02:01:54 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/28 02:01:54 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/28 02:01:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/28 02:01:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/28 02:01:44 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/28 02:01:44 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/28 02:01:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/07/28 11:32:32 | 000,005,291 | ---- | C] () -- C:\WINDOWS\System32\DCCAPI.ini
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/04/02 14:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2003/02/18 09:28:14 | 000,003,033 | ---- | C] () -- C:\WINDOWS\PCW120.INI_upg2007
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/10 14:34:34 | 001,310,720 | ---- | C] () -- C:\WINDOWS\System32\Veceng52.dll
[2002/06/10 14:29:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\arrgrid.dll
[2002/05/21 12:29:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\bmw.dll
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
< End of report >



#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 March 2010 - 05:54 PM

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic: a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • GooredFix.txt
  • mbr.log

Thanks



#9 ksport

ksport
  • Topic Starter

  • Members
  • 5 posts

Posted 12 March 2010 - 09:26 PM

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:17 on 12/03/2010 (Nick)
Firefox version 3.6 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1} -> Success!
Deleting C:\Documents and Settings\Nick\Local Settings\Application Data\{4B7860A0-8F35-4AAF-A227-89B4D0F352F1} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:37 17/04/2007]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [17:38 05/02/2010]

C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\iksu3nxf.default\extensions\
chromifox@altmusictv.com [04:44 08/02/2010]
nasanightlaunch@example.com [04:44 08/02/2010]
personas@christopher.beard [21:25 15/01/2010]
{20a82645-c095-46ed-80e3-08825760534b} [23:27 02/09/2009]
{2458abc0-f443-11dd-87af-0800200c9a66} [15:57 22/09/2009]
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [04:44 08/02/2010]
{de5809e0-2b07-11dd-bd0b-0800200c9a66} [04:44 08/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:05 16/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:25 25/02/2009]

-=E.O.F=-


------------------------------------------------------------------------------------------------------------------------------------


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 March 2010 - 04:25 PM

Great, have the redirects stopped now?


Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please run a BitDefender Online Scan

Note: only works with Internet Explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on More details, then click the Detected problems tab and click "Click here to export the scan report".
  • Save the report to your desktop as results.txt and post it in your next reply.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Bitdefender report
  • New DDS log

Thanks



#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 March 2010 - 01:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





