Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log, computer blocking Malewarebytes?


  • This topic is locked This topic is locked
44 replies to this topic

#1 emopants92

emopants92

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 17 March 2010 - 01:24 AM

Hi okay this a laptop my mom was using as a spare for her use and gave it to me to use for my class im currently in, the only problem is that she only had macfee and malewarebytes on it and never really ran scans and I can defiantly see the issues on this. Now its becoming a problem because the computer is becoming slower, random websites will pop up or redirect me to links that i didnt click on. Anyways every time i try to run malewarebytes on the computer it say can not find the .exe. I have reinstalled it several of times and tried changing the extension to .dat with no luck. Also im planning on getting rid of the macfee and using AVG, Malewarebytes, and Spybot but need to get rid of all this crap on it first. So thanks for the help here is a hijack this log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:35 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe"
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {69949d07-aadb-4873-b3bf-84595f602f47} - zavisomu.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: hupebogi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6944 bytes


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 20 March 2010 - 11:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 22 March 2010 - 02:46 PM

Okay so i ran the program the 2 text files came up froze my laptop and then i had to restart it. So i did and now it wont start up it just gets to the windows loading screen then shows a quick blue screen ( too quick to read) and then starts to reboot again. So im able to get in to the computer in safe mode and transferred the text files to a thumb drive and im going to paste them below. So if there is anyway to atleast get the computer up and running so i can at least use it for my class on tuesdays and thursday nights would be nice then we can work on the maleware issuses. Thanks for all the help
OLT.txt~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 3/22/2010 6:57:21 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mitchell\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1288 1576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.42 Gb Total Space | 36.56 Gb Free Space | 71.10% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 2.70 Gb Free Space | 60.67% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TFP
Current User Name: Mitchell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/22 06:56:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell\My Documents\Downloads\OTL.exe
PRC - [2010/03/16 23:37:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 20:53:52 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/16 20:53:51 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/16 20:53:51 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/16 20:53:51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/16 20:53:48 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/16 20:53:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/08 20:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/10/06 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 18:05:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\system32\dobojobe.dll
MOD - [2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\system32\zavisomu.dll
MOD - [2010/03/22 06:56:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitchell\My Documents\Downloads\OTL.exe
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 20:53:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 18:05:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/01/05 00:27:32 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/16 21:58:42 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/03/16 20:54:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 20:54:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/16 20:54:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 22:58:27 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/08 20:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/10/19 23:00:06 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2008/10/06 20:50:00 | 000,177,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/10/06 20:50:00 | 000,072,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/10/06 20:50:00 | 000,064,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/10/06 20:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/10/06 20:50:00 | 000,034,344 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/10/06 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/03/03 17:59:11 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/10/26 18:08:26 | 003,786,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/10/14 16:29:18 | 001,121,472 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/07 14:37:50 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/01 12:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/16 20:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/16 20:54:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/16 23:38:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/16 23:38:18 | 000,000,000 | ---D | M]

[2010/03/03 19:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\Mozilla\Extensions
[2010/03/18 16:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\Mozilla\Firefox\Profiles\5nbwrpqr.default\extensions
[2010/03/09 21:41:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mitchell\Application Data\Mozilla\Firefox\Profiles\5nbwrpqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/19 09:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/09 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/03/16 20:42:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {69949d07-aadb-4873-b3bf-84595f602f47} - C:\WINDOWS\System32\zavisomu.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bajaliveh] C:\WINDOWS\System32\dobojobe.DLL ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1855163854-4126565775-914878771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (hupebogi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\dobojobe.dll) - C:\WINDOWS\system32\dobojobe.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: regikanod - {20a6bfb0-f203-4940-b82d-ef780160d76f} - C:\WINDOWS\system32\dobojobe.dll ()
O22 - SharedTaskScheduler: {20a6bfb0-f203-4940-b82d-ef780160d76f} - mujuzedij - C:\WINDOWS\system32\dobojobe.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Mitchell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mitchell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/18 16:23:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\PROGRA~1\BigFix\bigfix.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - StartUpReg: VTTrayp - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/18 19:13:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/18 16:12:43 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll
[2010/03/18 16:12:43 | 000,025,728 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\androidusb.sys
[2010/03/18 16:12:43 | 000,009,472 | ---- | C] (June Fabrics Technology) -- C:\WINDOWS\System32\drivers\pnetmdm.sys
[2010/03/18 16:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\PdaNet for Android
[2010/03/16 23:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/16 23:14:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/16 23:14:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/16 23:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/16 21:40:55 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2010/03/16 21:39:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/03/16 20:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\AVG Security Toolbar
[2010/03/16 20:54:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 20:54:31 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 20:54:30 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 20:54:24 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 20:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/16 20:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/16 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/16 20:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/16 20:52:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/16 20:52:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/16 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/16 20:48:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/16 20:34:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/16 20:32:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/16 20:32:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/16 20:32:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/16 20:32:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/16 20:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/16 20:30:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/16 20:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\My Documents\My Received Files
[2010/03/16 18:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Desktop\POWERPOINTS
[2010/03/15 22:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\vlc
[2010/03/15 22:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/15 22:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\GRETECH
[2010/03/15 21:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/15 20:47:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitchell\PrivacIE
[2010/03/15 20:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\AIM Toolbar
[2010/03/15 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\ManyCam
[2010/03/15 20:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010/03/15 16:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Trillian
[2010/03/15 16:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/03/15 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\.purple
[2010/03/15 16:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/03/14 21:47:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitchell\IETldCache
[2010/03/13 23:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/13 23:22:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/12 19:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\AdobeUM
[2010/03/11 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/11 21:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\Adobe
[2010/03/11 21:38:46 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 22:19:49 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingde.dll
[2010/03/09 22:19:49 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingdib.drv
[2010/03/09 22:19:49 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingpal.wnd
[2010/03/09 22:19:45 | 000,164,928 | ---- | C] (Borland International) -- C:\WINDOWS\bwcc.dll
[2010/03/09 22:19:41 | 000,159,744 | ---- | C] (Borland International) -- C:\WINDOWS\bw320009.dll
[2010/03/09 22:19:35 | 000,222,720 | ---- | C] (Borland International) -- C:\WINDOWS\bc453rtl.dll
[2010/03/09 22:15:38 | 000,000,000 | ---D | C] -- C:\Cardoza
[2010/03/09 22:02:11 | 001,022,976 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SIERRANW.DLL
[2010/03/09 22:02:11 | 000,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SNWVALID.DLL
[2010/03/09 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2010/03/09 22:02:06 | 000,000,000 | ---D | C] -- C:\SIERRA
[2010/03/09 21:25:40 | 000,059,856 | ---- | C] (Borland International) -- C:\WINDOWS\bids47.dll
[2010/03/09 21:04:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/03/09 21:04:41 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/03/09 20:53:23 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\wing.dll
[2010/03/09 20:53:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\wavmix16.dll
[2010/03/09 20:53:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\wing32.dll
[2010/03/09 17:12:19 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wing.dll
[2010/03/09 17:12:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wavmix16.dll
[2010/03/09 17:12:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wing32.dll
[2010/03/09 17:11:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/09 17:09:11 | 000,000,000 | ---D | C] -- C:\14310d54384fa7af91c83606a3
[2010/03/09 17:08:09 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2010/03/08 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Desktop\NES Emulator
[2010/03/07 18:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Winamp
[2010/03/07 10:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/07 10:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/03/07 10:31:37 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/03/07 10:31:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/03/07 10:31:36 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/03/07 10:31:35 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/03/07 10:31:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/03/07 10:31:32 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/03/07 10:31:29 | 000,000,000 | ---D | C] -- C:\e49cac20ee97ea170143b69810
[2010/03/07 10:30:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/04 23:45:44 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/03/04 23:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\My Documents\My Albums
[2010/03/04 23:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\IsolatedStorage
[2010/03/04 23:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\HP
[2010/03/04 23:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\ApplicationHistory
[2010/03/04 23:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/03/04 23:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/04 23:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/03/04 23:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/04 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/03/04 23:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/03/04 23:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\Microsoft Help
[2010/03/04 23:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/03/04 23:28:34 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/03/04 23:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/03/04 22:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\DAEMON Tools Lite
[2010/03/04 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/03 22:04:20 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/03/03 22:03:35 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/03/03 22:03:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/03/03 20:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Malwarebytes
[2010/03/03 20:09:54 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/03/03 20:09:49 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/03/03 20:09:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/03/03 20:09:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/03/03 20:09:46 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/03/03 20:09:43 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/03/03 20:09:39 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/03/03 20:09:36 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/03/03 20:09:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/03/03 20:09:20 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/03/03 20:09:20 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/03/03 20:09:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/03/03 20:09:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/03/03 20:09:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/03/03 20:09:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/03/03 20:09:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/03/03 20:09:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/03/03 20:09:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/03/03 20:09:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/03/03 20:09:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/03/03 20:09:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/03/03 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\My Documents\New Folder
[2010/03/03 19:52:12 | 000,051,712 | ---- | C] (Fortech) -- C:\WINDOWS\Foyd.scr
[2010/03/03 19:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Plus!
[2010/03/03 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\My Documents\Downloads
[2010/03/03 19:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Macromedia
[2010/03/03 19:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Adobe
[2010/03/03 19:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\Mozilla
[2010/03/03 19:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Mozilla
[2010/03/03 19:46:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mitchell\Application Data\Microsoft
[2010/03/03 19:46:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mitchell\SendTo
[2010/03/03 19:46:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mitchell\Recent
[2010/03/03 19:46:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mitchell\Application Data
[2010/03/03 19:46:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitchell\My Documents\My Pictures
[2010/03/03 19:46:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitchell\My Documents\My Music
[2010/03/03 19:46:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitchell\My Documents
[2010/03/03 19:46:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitchell\Favorites
[2010/03/03 19:46:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitchell\Cookies
[2010/03/03 19:46:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mitchell\PrintHood
[2010/03/03 19:46:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mitchell\NetHood
[2010/03/03 19:46:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mitchell\Local Settings
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\You've Got Pictures Screensaver
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\SampleView
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\Microsoft
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Identities
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Desktop
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\AOL
[2010/03/03 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/03/03 19:46:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitchell\Start Menu
[2010/03/03 19:46:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mitchell\Templates
[2010/03/03 19:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\WINDOWS
[2006/11/14 09:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/10/06 08:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/08/23 13:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/15 10:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\System32\panasoba.dll
[2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\System32\dobojobe.dll
[2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\System32\kikavezo.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\System32\vafiyene.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\System32\rutasaka.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\zavisomu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\voginuhu.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\venijija.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\kukezifu.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () -- C:\WINDOWS\System32\zizaduvu.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () -- C:\WINDOWS\System32\vivuyayo.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () -- C:\WINDOWS\System32\vijohato.dll
[2099/01/01 12:00:00 | 000,000,001 | -HS- | M] () -- C:\WINDOWS\System32\vetuyija.dll
[2010/03/22 07:01:55 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rovosesu
[2010/03/22 07:00:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\sfyaeusb.job
[2010/03/22 06:59:37 | 057,504,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/22 06:59:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\prvlcl.dat
[2010/03/22 06:52:58 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/22 06:52:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 06:52:30 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/22 06:52:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 06:52:25 | 1004,650,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 19:41:40 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Mitchell\NTUSER.DAT
[2010/03/18 19:41:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mitchell\ntuser.ini
[2010/03/18 19:41:16 | 000,020,812 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 32 musculoskeletal injuries.docx
[2010/03/18 17:56:20 | 000,016,658 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 30 Soft Tissue Injuries.docx
[2010/03/18 16:51:10 | 000,011,506 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\SKILLS TESTING stuff.docx
[2010/03/18 16:13:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_androidusb_01005.Wdf
[2010/03/18 16:13:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/18 16:12:44 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/03/16 23:19:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\HijackThis.lnk
[2010/03/16 23:14:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 22:05:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/03/16 21:58:42 | 000,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/03/16 20:54:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 20:54:31 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 20:54:31 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 20:54:31 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/16 20:54:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 20:54:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 20:42:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/16 20:42:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/16 20:34:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/16 19:26:28 | 000,016,231 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 34 Spinal injurys.docx
[2010/03/16 18:52:53 | 000,071,616 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/16 18:52:26 | 000,013,077 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 31.docx
[2010/03/16 17:45:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mitchell\My Documents\~$apter 31.docx
[2010/03/16 17:23:41 | 000,013,292 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Test 3 study!.docx
[2010/03/16 15:45:06 | 000,571,995 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\Shutter Island - Dennis Lehane.pdf
[2010/03/15 21:51:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 16:28:01 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\Trillian.lnk
[2010/03/15 00:31:10 | 005,334,144 | -H-- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\IconCache.db
[2010/03/14 22:06:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 21:50:18 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 21:50:17 | 000,525,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 21:50:17 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/11 22:56:11 | 000,011,876 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\key crack for wep.docx
[2010/03/11 20:46:38 | 000,014,813 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 7.docx
[2010/03/09 22:19:51 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 22:19:50 | 000,002,398 | ---- | M] () -- C:\WINDOWS\wavemix.ini
[2010/03/09 22:10:51 | 460,738,560 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\HOYLECGAMES.iso
[2010/03/09 22:02:26 | 000,000,423 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/03/09 20:11:04 | 351,920,128 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\CARDOZA12.iso
[2010/03/09 20:08:00 | 000,021,126 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 9 PT assessment part 2.docx
[2010/03/09 16:34:36 | 000,753,959 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\nes pirates map.jpg
[2010/03/07 11:32:34 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/04 23:44:54 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\fusioncache.dat
[2010/03/04 23:20:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/03/04 22:58:27 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/03 19:46:52 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\Windows Media Player.lnk
[2010/03/02 12:05:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/01 17:36:48 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\panasoba.dll
[2099/01/01 12:00:00 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\dobojobe.dll
[2099/01/01 12:00:00 | 000,097,280 | -HS- | C] () -- C:\WINDOWS\System32\kikavezo.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\vafiyene.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\rutasaka.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\zavisomu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\voginuhu.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\venijija.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\kukezifu.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | C] () -- C:\WINDOWS\System32\zizaduvu.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | C] () -- C:\WINDOWS\System32\vivuyayo.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | C] () -- C:\WINDOWS\System32\vijohato.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rovosesu
[2099/01/01 12:00:00 | 000,000,001 | -HS- | C] () -- C:\WINDOWS\System32\vetuyija.dll
[2010/03/22 06:59:16 | 057,504,857 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2010/03/22 06:55:35 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\sfyaeusb.job
[2010/03/18 19:35:52 | 000,020,812 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 32 musculoskeletal injuries.docx
[2010/03/18 17:56:17 | 000,016,658 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 30 Soft Tissue Injuries.docx
[2010/03/18 16:51:08 | 000,011,506 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\SKILLS TESTING stuff.docx
[2010/03/18 16:13:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_androidusb_01005.Wdf
[2010/03/18 16:13:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/18 16:12:44 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/03/16 23:19:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\HijackThis.lnk
[2010/03/16 23:14:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 22:55:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\prvlcl.dat
[2010/03/16 22:05:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/03/16 21:38:35 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2010/03/16 21:38:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/03/16 20:54:31 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 20:54:31 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/16 20:54:15 | 057,253,522 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/16 20:34:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/16 20:34:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/16 20:32:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/16 20:32:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/16 20:32:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/16 20:32:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/16 20:32:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/16 19:26:27 | 000,016,231 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 34 Spinal injurys.docx
[2010/03/16 17:45:38 | 000,013,077 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 31.docx
[2010/03/16 17:45:38 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mitchell\My Documents\~$apter 31.docx
[2010/03/16 17:23:40 | 000,013,292 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Test 3 study!.docx
[2010/03/16 16:08:12 | 000,571,995 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\Shutter Island - Dennis Lehane.pdf
[2010/03/15 21:51:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 16:28:01 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\Trillian.lnk
[2010/03/11 22:56:10 | 000,011,876 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\key crack for wep.docx
[2010/03/11 20:46:36 | 000,014,813 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 7.docx
[2010/03/09 22:19:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\bw32000c.dll
[2010/03/09 22:19:39 | 000,159,744 | ---- | C] () -- C:\WINDOWS\bw320007.dll
[2010/03/09 22:18:24 | 000,002,398 | ---- | C] () -- C:\WINDOWS\wavemix.ini
[2010/03/09 22:03:41 | 460,738,560 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\HOYLECGAMES.iso
[2010/03/09 22:02:10 | 000,011,097 | ---- | C] () -- C:\WINDOWS\System32\SNWVALID.HLP
[2010/03/09 22:01:29 | 000,000,423 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/09 20:08:29 | 351,920,128 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\CARDOZA12.iso
[2010/03/09 18:48:50 | 000,021,126 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 9 PT assessment part 2.docx
[2010/03/09 17:17:14 | 000,753,959 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\nes pirates map.jpg
[2010/03/09 17:12:19 | 000,001,966 | ---- | C] () -- C:\WINDOWS\System32\dva.386
[2010/03/09 17:12:16 | 000,506,560 | ---- | C] () -- C:\WINDOWS\owl253.dll
[2010/03/04 23:44:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\fusioncache.dat
[2010/03/04 23:20:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/03/04 22:58:27 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/03 19:46:52 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\Windows Media Player.lnk
[2010/03/03 19:46:37 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Mitchell\NTUSER.DAT
[2010/03/03 19:46:37 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mitchell\ntuser.ini
[2009/03/05 16:18:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/21 14:39:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/12/07 16:16:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/19 15:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/12 15:17:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/06/16 11:16:20 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/16 11:13:31 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/03/03 18:04:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/03/03 18:04:15 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/03 17:45:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/03 17:32:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,268 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/01/14 10:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\dobojobe.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kukezifu.dll
[2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\panasoba.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vafiyene.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\venijija.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vijohato.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\vivuyayo.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\zizaduvu.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/19 16:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/12/19 16:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/19 16:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/12/19 16:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL Extras logfile created on: 3/22/2010 6:57:21 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mitchell\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1288 1576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.42 Gb Total Space | 36.56 Gb Free Space | 71.10% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 2.70 Gb Free Space | 60.67% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TFP
Current User Name: Mitchell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1855163854-4126565775-914878771-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM Toolbar" = AIM Toolbar
"AVG9Uninstall" = AVG Free 9.0
"CasinoDeinstKey" = Avery Cardoza's Casino
"Citrix ICA Web Client" = Citrix ICA Web Client
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"Hoyle Classic Games" = Hoyle Classic Games
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PdaNet_is1" = PdaNet for Android 1.12
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sierra Utilities" = Sierra Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2010 1:58:24 AM | Computer Name = TFP | Source = McLogEvent | ID = 259
Description = The file C:\Program Files\DAEMON Tools Lite\DTLite.exe contains the
New Poly Win32 Virus. No cleaner available, file deleted successfully. Detected
using Scan engine version 5300.2777 DAT version 5660.0000.

Error - 3/12/2010 2:14:14 AM | Computer Name = TFP | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Office Enterprise 2007 -- Error 1704.An installation
for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 3/12/2010 2:18:24 AM | Computer Name = TFP | Source = MsiInstaller | ID = 11935
Description = Product: Microsoft Office Enterprise 2007 -- Error 1935.An error occurred
during the installation of assembly component {D809DBEE-144C-4B32-8798-DFC747E095BF}.
HRESULT: 0x80131047. assembly interface: IAssemblyCacheItem, function: Commit,
assembly name: Microsoft.Office.InfoPath.Client.Internal.Host.Interop,fileVersion="12.0.6500.5000",version="12.0.0.0000000",culture="neutral",publicKeyToken="71E9BCE111E9429C",processorArchitecture="x86"

Error - 3/12/2010 2:18:35 AM | Computer Name = TFP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Update for Microsoft
Office InfoPath 2007 (KB976416)' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/12/2010 2:22:31 AM | Computer Name = TFP | Source = MsiInstaller | ID = 11935
Description = Product: Microsoft Office Enterprise 2007 -- Error 1935.An error occurred
during the installation of assembly component {04E73476-518E-4B6A-8E10-021A00078847}.
HRESULT: 0x80131047. assembly interface: IAssemblyCacheItem, function: Commit,
assembly name: Microsoft.Office.Interop.PowerPoint,fileVersion="12.0.6501.5000",version="12.0.0.0000000",culture="neutral",publicKeyToken="71E9BCE111E9429C"

Error - 3/12/2010 2:22:36 AM | Computer Name = TFP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update 'Security Update
for Microsoft Office PowerPoint 2007 (KB957789)' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/15/2010 11:48:54 PM | Computer Name = TFP | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.13.3.2.133
Exception
Code : 0XC0000005 Exception Address : 0X121119B4 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000EA8 More information : ScanRequest : NTName
is \Device\HarddiskVolume1\Documents and Settings\Mitchell\Cookies\mitchell@fastclick[1].txt.


Error - 3/15/2010 11:49:03 PM | Computer Name = TFP | Source = Application Error | ID = 1000
Description = Faulting application mcshield.exe, version 13.3.2.133, faulting module
mcscan32.dll, version 5.300.0.2777, fault address 0x001119b4.

Error - 3/15/2010 11:49:15 PM | Computer Name = TFP | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

[ System Events ]
Error - 3/16/2010 8:24:59 PM | Computer Name = TFP | Source = Service Control Manager | ID = 7034
Description = The WEP/WPA-PMK key recovery service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/16/2010 11:32:27 PM | Computer Name = TFP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/16/2010 11:32:37 PM | Computer Name = TFP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 3/16/2010 11:40:23 PM | Computer Name = TFP | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_NPF\0000 disappeared from the system without
first being prepared for removal.

Error - 3/16/2010 11:58:15 PM | Computer Name = TFP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00C0A8B364CE. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 3/17/2010 12:06:27 AM | Computer Name = TFP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00C0A8B364CE. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 3/17/2010 12:18:44 AM | Computer Name = TFP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00C0A8B364CE. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 3/17/2010 2:10:11 AM | Computer Name = TFP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/18/2010 7:29:47 PM | Computer Name = TFP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/18/2010 9:02:01 PM | Computer Name = TFP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 24 March 2010 - 12:24 PM

Hi,

Sorry for the delay. I hope you managed to get things working for your tuesday class.

Please run ComboFix from safe mode, I think that should get things back up to booting:
Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.





  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 24 March 2010 - 08:33 PM

yeah its okay i got through my class with out it tuesday and now after combofix its at least running. I didnt install the recovery console because its already installed on this laptop from a previous issue i think about 2 years ago or so. Here is the combofix log

ComboFix 10-03-24.02 - Mitchell 03/24/2010 18:12:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.598 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\dobojobe.dll
c:\windows\system32\vetuyija.dll
c:\windows\Tasks\sfyaeusb.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 00:59 . 2010-03-25 00:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-25 00:55 . 2010-03-25 00:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-19 02:13 . 2010-03-19 02:13 -------- d-----w- C:\$AVG
2010-03-18 23:16 . 2010-02-23 21:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-03-18 23:12 . 2010-03-18 23:14 -------- d-----w- c:\program files\PdaNet for Android
2010-03-18 23:12 . 2008-10-20 06:00 25728 ----a-w- c:\windows\system32\drivers\androidusb.sys
2010-03-18 23:12 . 2008-10-20 06:00 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-03-18 23:12 . 2006-09-28 22:32 9472 ----a-w- c:\windows\system32\drivers\pnetmdm.sys
2010-03-17 06:19 . 2010-03-17 06:19 -------- d-----w- c:\program files\Trend Micro
2010-03-17 06:14 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 06:14 . 2010-03-17 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 06:14 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 05:55 . 2010-03-22 14:58 0 ----a-w- c:\documents and settings\Mitchell\Local Settings\Application Data\prvlcl.dat
2010-03-17 04:40 . 2006-05-04 05:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-03-17 04:39 . 2010-03-17 04:40 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-03-17 04:38 . 2010-03-17 04:58 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-03-17 03:58 . 2010-03-17 03:58 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\AVG Security Toolbar
2010-03-17 03:54 . 2010-03-17 03:54 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 03:54 . 2010-03-17 03:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 03:54 . 2010-03-17 03:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 03:54 . 2010-03-17 03:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 03:54 . 2010-03-22 13:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 03:54 . 2010-03-18 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-17 03:53 . 2010-03-17 03:53 -------- d-----w- c:\program files\AVG
2010-03-17 03:53 . 2010-03-17 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-16 05:47 . 2010-03-16 05:52 -------- d-----w- c:\documents and settings\Mitchell\Application Data\vlc
2010-03-16 05:45 . 2010-03-16 05:45 -------- d-----w- c:\program files\VideoLAN
2010-03-16 05:36 . 2010-03-16 05:36 -------- d-----w- c:\documents and settings\Mitchell\Application Data\GRETECH
2010-03-16 03:47 . 2010-03-16 03:47 -------- d-sh--w- c:\documents and settings\Mitchell\PrivacIE
2010-03-16 03:47 . 2010-03-16 03:47 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\AIM Toolbar
2010-03-16 03:46 . 2010-03-16 03:47 -------- d-----w- c:\documents and settings\Mitchell\Application Data\ManyCam
2010-03-16 03:46 . 2010-03-16 03:47 -------- d-----w- c:\program files\ManyCam 2.4
2010-03-15 23:28 . 2010-03-15 23:28 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Trillian
2010-03-15 23:27 . 2010-03-17 06:27 -------- d-----w- c:\program files\Trillian
2010-03-15 23:24 . 2010-03-15 23:24 1691 ----a-w- c:\documents and settings\Mitchell\Application Data\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-03-15 23:14 . 2010-03-15 23:14 1089 ----a-w- c:\documents and settings\Mitchell\Application Data\.purple\certificates\x509\tls_peers\login.yahoo.com
2010-03-15 23:13 . 2010-03-15 23:26 -------- d-----w- c:\documents and settings\Mitchell\Application Data\.purple
2010-03-15 23:12 . 2010-03-15 23:12 -------- d-----w- c:\program files\Common Files\GTK
2010-03-15 04:47 . 2010-03-15 04:47 -------- d-sh--w- c:\documents and settings\Mitchell\IETldCache
2010-03-14 06:25 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-14 06:25 . 2010-03-14 06:25 -------- d-----w- c:\windows\ie8updates
2010-03-14 06:24 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-14 06:24 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-14 06:22 . 2010-03-14 06:23 -------- dc-h--w- c:\windows\ie8
2010-03-13 02:35 . 2010-03-13 02:35 -------- d-----w- c:\documents and settings\Mitchell\Application Data\AdobeUM
2010-03-12 06:24 . 2010-03-12 06:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-12 04:54 . 2010-03-12 04:54 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\Adobe
2010-03-12 04:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 05:19 . 1994-09-21 00:00 6736 ----a-w- c:\windows\system32\wingdib.drv
2010-03-10 05:19 . 1994-08-24 00:00 188960 ----a-w- c:\windows\system32\wingde.dll
2010-03-10 05:19 . 1995-02-28 11:14 164928 ----a-w- c:\windows\bwcc.dll
2010-03-10 05:19 . 1995-08-29 04:52 159744 ----a-w- c:\windows\bw32000c.dll
2010-03-10 05:19 . 1995-08-29 04:52 159744 ----a-w- c:\windows\bw320009.dll
2010-03-10 05:19 . 1995-08-29 04:52 159744 ----a-w- c:\windows\bw320007.dll
2010-03-10 05:19 . 1995-08-08 04:53 222720 ----a-w- c:\windows\bc453rtl.dll
2010-03-10 05:15 . 2010-03-10 05:15 -------- d-----w- C:\Cardoza
2010-03-10 05:02 . 1997-12-29 14:44 1022976 ----a-w- c:\windows\system32\SIERRANW.DLL
2010-03-10 05:02 . 1997-12-29 13:55 231936 ----a-w- c:\windows\system32\SNWVALID.DLL
2010-03-10 05:02 . 2010-03-10 05:02 -------- d-----w- c:\program files\Sierra On-Line
2010-03-10 05:02 . 2010-03-10 05:02 -------- d-----w- C:\SIERRA
2010-03-10 04:25 . 1995-08-08 04:53 59856 ----a-w- c:\windows\bids47.dll
2010-03-10 04:04 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-10 04:04 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-10 03:53 . 1994-10-06 19:20 27136 ----a-w- c:\windows\system\wavmix16.dll
2010-03-10 03:53 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system\wing.dll
2010-03-10 03:53 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system\wing32.dll
2010-03-10 00:12 . 1994-10-06 19:20 27136 ----a-w- c:\windows\system32\wavmix16.dll
2010-03-10 00:12 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system32\wing.dll
2010-03-10 00:12 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system32\wing32.dll
2010-03-10 00:12 . 1995-08-08 04:53 506560 ----a-w- c:\windows\owl253.dll
2010-03-10 00:09 . 2010-03-10 00:09 -------- d-----w- C:\14310d54384fa7af91c83606a3
2010-03-10 00:08 . 1996-01-09 10:38 283648 ----a-w- c:\windows\uninst.exe
2010-03-08 01:30 . 2010-03-08 01:36 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Winamp
2010-03-07 17:39 . 2010-03-07 17:39 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-07 17:37 . 2010-03-07 17:37 -------- d-----w- c:\program files\Reference Assemblies
2010-03-07 17:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-07 17:31 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-07 17:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-07 17:31 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-07 17:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-07 17:31 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-07 17:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-07 17:31 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-07 17:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-07 17:31 . 2010-03-07 17:34 -------- d-----w- C:\e49cac20ee97ea170143b69810
2010-03-07 17:30 . 2010-03-07 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-05 06:45 . 2008-11-10 19:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-05 06:45 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-05 06:45 . 2010-03-05 06:45 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\IsolatedStorage
2010-03-05 06:45 . 2010-03-05 06:45 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\HP
2010-03-05 06:44 . 2010-03-05 06:44 131 ----a-w- c:\documents and settings\Mitchell\Local Settings\Application Data\fusioncache.dat
2010-03-05 06:44 . 2010-03-05 06:47 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\ApplicationHistory
2010-03-05 06:42 . 2010-03-07 17:39 -------- d-----w- c:\program files\MSBuild
2010-03-05 06:40 . 2010-03-05 06:40 -------- d-----w- c:\program files\Microsoft.NET
2010-03-05 06:36 . 2010-03-05 06:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-05 06:34 . 2010-03-05 06:50 -------- d-----w- c:\windows\SHELLNEW
2010-03-05 06:33 . 2010-03-05 06:33 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\Microsoft Help
2010-03-05 06:33 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-05 06:28 . 2010-03-05 06:28 -------- d-----r- C:\MSOCache
2010-03-05 06:20 . 2010-03-05 06:20 -------- d-----w- c:\program files\PowerISO
2010-03-05 05:58 . 2010-03-05 05:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-05 05:57 . 2010-03-05 05:57 -------- d-----w- c:\documents and settings\Mitchell\Application Data\DAEMON Tools Lite
2010-03-05 05:57 . 2010-03-05 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-04 05:04 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-04 05:03 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-04 05:03 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-04 05:03 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-04 05:03 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-04 05:03 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-04 05:03 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-04 05:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-04 05:03 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-04 05:03 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-04 05:03 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-04 05:03 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-04 04:59 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-04 04:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-04 04:52 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-04 04:45 . 2010-03-17 01:52 71616 ----a-w- c:\documents and settings\Mitchell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 03:16 . 2010-03-04 03:16 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Malwarebytes
2010-03-04 02:52 . 1998-05-26 05:42 51712 ----a-w- c:\windows\Foyd.scr
2010-03-04 02:52 . 2010-03-04 02:52 -------- d-----w- c:\program files\Plus!
2010-03-04 02:47 . 2010-03-04 02:47 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 23:34 . 2006-03-04 00:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-18 23:13 . 2010-03-18 23:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01005.Wdf
2010-03-18 23:13 . 2010-03-18 23:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-12 06:17 . 2006-03-04 01:01 -------- d-----w- c:\program files\Microsoft Works
2009-12-31 16:50 . 2004-08-26 16:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-10 03:07 . 2009-06-29 22:31 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
1601-01-01 00:03 . 1601-01-01 00:03 97280 --sha-w- c:\windows\system32\kikavezo.dll
1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\kukezifu.dll
1601-01-01 00:03 . 1601-01-01 00:03 100352 --sha-w- c:\windows\system32\panasoba.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\system32\rutasaka.dll
1601-01-01 00:03 . 1601-01-01 00:03 70144 --sha-w- c:\windows\system32\vafiyene.dll
1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\venijija.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vijohato.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vivuyayo.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\voginuhu.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\zavisomu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\zizaduvu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69949d07-aadb-4873-b3bf-84595f602f47}]
1601-01-01 00:03 60928 --sha-w- c:\windows\system32\zavisomu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 21:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"bajaliveh"="c:\windows\system32\dobojobe.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Mitchell\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-3-18 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 03:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-14 23:29 88203 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-05 00:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-04 00:59 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 11:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-10-07 21:52 737370 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 12:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 13:15 163840 ----a-w- c:\windows\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/16/2010 8:54 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 8:54 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 8:53 PM 308064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/27/2009 6:03 PM 24652]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [3/18/2010 4:12 PM 9472]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [3/18/2010 4:12 PM 25728]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/16/2010 8:54 PM 369920]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/4/2010 10:58 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2006-06-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2006-06-15 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX3225
uInternet Connection Wizard,ShellNext = "c:\program files\MSN Gaming Zone\Windows\chkrzm.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4F56B168-72CC-44A6-9664-059E8432E0E0} = 217.23.14.75,4.2.2.1,192.168.1.254
TCP: {A5E34DA1-387B-4A15-BC8F-32067BE9FBA4} = 217.23.14.75,4.2.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Mitchell\Application Data\Mozilla\Firefox\Profiles\5nbwrpqr.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{20a6bfb0-f203-4940-b82d-ef780160d76f} - c:\windows\system32\dobojobe.dll
SSODL-regikanod-{20a6bfb0-f203-4940-b82d-ef780160d76f} - c:\windows\system32\dobojobe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\AVG\AVG9\avgscanx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-03-24 18:30:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-25 01:30
ComboFix2.txt 2010-03-17 03:47

Pre-Run: 39,212,093,440 bytes free
Post-Run: 39,435,296,768 bytes free

- - End Of File - - 84585D9D2F4DF4FEB2E36371158D1BF5


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 26 March 2010 - 12:32 PM

Hi,

there are a couple of things left:
Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/303055/hijackthis-log-computer-blocking-malewarebytes/
Collect::
c:\windows\system32\kikavezo.dll
c:\windows\system32\kukezifu.dll
c:\windows\system32\panasoba.dll
c:\windows\system32\rutasaka.dll
c:\windows\system32\vafiyene.dll
c:\windows\system32\venijija.dll
c:\windows\system32\vijohato.dll
c:\windows\system32\vivuyayo.dll
c:\windows\system32\voginuhu.dll
c:\windows\system32\zavisomu.dll
c:\windows\system32\zizaduvu.dll


Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

How is your PC doing now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 29 March 2010 - 02:46 PM

now the computer is giving me the quick flash of the blue screen of death again then restarting itself, I can not start the computer in any mode including safe mode and recovery console is accessible

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 30 March 2010 - 07:51 AM

Hi,

when you bring up the screen to select between normal mode and safe mode, you can press F8 again to bring up the advanced boot menu and there you should be able to select Disable Automatic Restart. This will stop the reboot once the PC freezes and you should be able to note down the error message.


Would you be able to download about 300Mb of an CD-image and burn it to CD, if I provide the instructions, or does that pose a problem?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 30 March 2010 - 10:30 PM

yes i can do the bootable CD

#10 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 01 April 2010 - 09:16 AM

Hey if anyway to get this up and running again it would be much appreciated because I leave tomorrow morning for a trip to Pennsylvania for 6 days. Thanks

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 04 April 2010 - 06:58 PM

Hi,
After you have successfully burned the OTLPE ISO to disc you will need to transfer the disc to the CD drive of your sick computer and boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      [xcode]netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
      [/xcode]
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 05 April 2010 - 04:38 PM

I will do this once i get back from vacation on saturday, so please do not delete the topic if no response after 5 days thanks

#13 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 13 April 2010 - 03:24 PM

OTL logfile created on: 4/13/2010 1:49:57 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 735.00 Mb Available Physical Memory | 77.00% Memory free
858.00 Mb Paging File | 765.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1288 1576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.42 Gb Total Space | 38.00 Gb Free Space | 73.90% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 2.70 Gb Free Space | 60.68% Space Free | Partition Type: FAT32
Drive E: | 120.48 Mb Total Space | 2.58 Mb Free Space | 2.14% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 23:53:46 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 17:04:14 | 000,369,920 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/10/06 23:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/10/06 23:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/03/14 07:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:05:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/01/05 03:27:32 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/03/17 00:58:42 | 000,005,632 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/03/16 23:54:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/16 23:54:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/16 23:54:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 01:58:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/10/20 02:00:06 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2008/10/06 23:50:00 | 000,177,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/10/06 23:50:00 | 000,072,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/10/06 23:50:00 | 000,064,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/10/06 23:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/10/06 23:50:00 | 000,034,344 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/10/06 23:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/09/28 18:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/03/03 20:59:11 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/10/26 21:08:26 | 003,786,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/10/14 19:29:18 | 001,121,472 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/07 17:37:50 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/09/21 04:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/01 15:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mitchell_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3225
IE - HKU\Mitchell_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Mitchell_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner_ON_C\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/16 23:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/16 23:54:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/17 02:38:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/17 02:38:18 | 000,000,000 | ---D | M]

[2008/12/19 12:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/09 23:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/03/24 21:23:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {69949d07-aadb-4873-b3bf-84595f602f47} - C:\WINDOWS\System32\zavisomu.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Mitchell_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Mitchell_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [bajaliveh] C:\WINDOWS\System32\dobojobe.DLL File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [yugidezehe] File not found
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\Owner_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mitchell_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Mitchell_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Mitchell_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (hupebogi.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/18 19:23:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\PROGRA~1\BigFix\bigfix.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - StartUpReg: VTTrayp - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/26 22:49:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/25 19:08:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2010/03/24 21:30:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/24 20:59:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/03/24 20:55:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/03/24 20:55:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/03/24 20:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/03/24 20:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AOL
[2010/03/24 20:54:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/03/24 20:54:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/03/24 20:54:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/03/24 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/03/24 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/03/24 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/03/24 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/03/24 20:54:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/03/24 20:54:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/03/24 20:54:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/03/24 20:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/03/24 20:54:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/03/24 20:54:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/03/24 20:54:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/03/24 20:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2010/03/18 22:13:09 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/03/18 19:12:43 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll
[2010/03/18 19:12:43 | 000,025,728 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\androidusb.sys
[2010/03/18 19:12:43 | 000,009,472 | ---- | C] (June Fabrics Technology) -- C:\WINDOWS\System32\drivers\pnetmdm.sys
[2010/03/18 19:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\PdaNet for Android
[2010/03/17 02:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 02:14:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/17 02:14:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/17 02:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/17 00:40:55 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2010/03/17 00:39:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/03/16 23:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\AVG Security Toolbar
[2010/03/16 23:54:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 23:54:31 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 23:54:30 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 23:54:24 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 23:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/16 23:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/16 23:34:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/16 23:32:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/16 23:32:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/16 23:32:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/16 23:32:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/16 23:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/16 23:30:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/16 23:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\My Documents\My Received Files
[2010/03/16 21:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Desktop\POWERPOINTS
[2010/03/16 01:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\vlc
[2010/03/16 01:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/16 01:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\GRETECH
[2010/03/15 23:47:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitchell\PrivacIE
[2010/03/15 23:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\AIM Toolbar
[2010/03/15 23:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\ManyCam
[2010/03/15 23:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010/03/15 19:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\Trillian
[2010/03/15 19:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2010/03/15 19:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitchell\Application Data\.purple
[2010/03/15 19:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/03/15 00:47:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitchell\IETldCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,100,352 | -HS- | M] () -- C:\WINDOWS\System32\bizikono.dll
[2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\System32\kikavezo.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\System32\rutasaka.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | M] () -- C:\WINDOWS\System32\pulowule.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\zavisomu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\voginuhu.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\pulobuha.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | M] () -- C:\WINDOWS\System32\sinehotu.dll
[2010/03/26 22:53:15 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/26 22:53:15 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/26 22:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 22:53:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 22:53:09 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Mitchell\NTUSER.DAT
[2010/03/26 22:53:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mitchell\ntuser.ini
[2010/03/26 22:53:03 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rovosesu
[2010/03/26 22:51:37 | 003,903,606 | R--- | M] () -- C:\Documents and Settings\Mitchell\Desktop\ComboFix.exe
[2010/03/26 22:47:47 | 057,871,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/26 22:43:52 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/26 22:43:30 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 22:43:25 | 1004,650,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/25 23:07:05 | 004,839,104 | -H-- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\IconCache.db
[2010/03/25 23:06:53 | 000,013,395 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Test 4.docx
[2010/03/25 22:20:39 | 000,022,967 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 41 Gaining Access.docx
[2010/03/24 21:58:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\prvlcl.dat
[2010/03/24 21:24:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/24 21:23:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/24 21:08:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/24 21:08:05 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/24 20:58:09 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/03/24 20:48:40 | 003,899,362 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/03/18 22:41:16 | 000,020,812 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 32 musculoskeletal injuries.docx
[2010/03/18 20:56:20 | 000,016,658 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 30 Soft Tissue Injuries.docx
[2010/03/18 19:51:10 | 000,011,506 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\SKILLS TESTING stuff.docx
[2010/03/18 19:13:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_androidusb_01005.Wdf
[2010/03/18 19:13:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/18 19:12:44 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/03/17 02:19:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\HijackThis.lnk
[2010/03/17 00:58:42 | 000,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/03/16 23:54:52 | 002,789,376 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/03/16 23:54:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/16 23:54:31 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 23:54:31 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/16 23:54:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/16 23:54:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/16 23:34:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/16 22:26:28 | 000,016,231 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 34 Spinal injurys.docx
[2010/03/16 21:52:53 | 000,071,616 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/16 21:52:26 | 000,013,077 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 31.docx
[2010/03/16 20:45:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mitchell\My Documents\~$apter 31.docx
[2010/03/16 20:23:41 | 000,013,292 | ---- | M] () -- C:\Documents and Settings\Mitchell\My Documents\Test 3 study!.docx
[2010/03/16 18:45:06 | 000,571,995 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\Shutter Island - Dennis Lehane.pdf
[2010/03/16 00:51:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 19:28:01 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Mitchell\Desktop\Trillian.lnk
[2010/03/15 01:06:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/15 00:50:18 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 00:50:17 | 000,525,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 00:50:17 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\bizikono.dll
[2099/01/01 12:00:00 | 000,097,280 | -HS- | C] () -- C:\WINDOWS\System32\kikavezo.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\rutasaka.dll
[2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\pulowule.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\zavisomu.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\voginuhu.dll
[2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\pulobuha.dll
[2099/01/01 12:00:00 | 000,047,616 | -HS- | C] () -- C:\WINDOWS\System32\sinehotu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rovosesu
[2010/03/26 22:48:58 | 003,903,606 | R--- | C] () -- C:\Documents and Settings\Mitchell\Desktop\ComboFix.exe
[2010/03/25 23:06:53 | 000,013,395 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Test 4.docx
[2010/03/25 22:20:37 | 000,022,967 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 41 Gaining Access.docx
[2010/03/24 21:09:24 | 1004,650,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/24 20:58:30 | 003,899,362 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/03/24 20:58:09 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2010/03/24 20:54:40 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/24 20:54:39 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/18 22:35:52 | 000,020,812 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 32 musculoskeletal injuries.docx
[2010/03/18 20:56:17 | 000,016,658 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 30 Soft Tissue Injuries.docx
[2010/03/18 19:51:08 | 000,011,506 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\SKILLS TESTING stuff.docx
[2010/03/18 19:13:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_androidusb_01005.Wdf
[2010/03/18 19:13:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/18 19:12:44 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mitchell\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2010/03/17 02:19:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\HijackThis.lnk
[2010/03/17 01:55:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\prvlcl.dat
[2010/03/17 00:38:35 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2010/03/17 00:38:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/03/16 23:54:31 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/16 23:54:15 | 057,871,315 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/16 23:34:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/16 23:34:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/16 23:32:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/16 23:32:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/16 23:32:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/16 23:32:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/16 23:32:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/16 22:26:27 | 000,016,231 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 34 Spinal injurys.docx
[2010/03/16 20:45:38 | 000,013,077 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Chapter 31.docx
[2010/03/16 20:45:38 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mitchell\My Documents\~$apter 31.docx
[2010/03/16 20:23:40 | 000,013,292 | ---- | C] () -- C:\Documents and Settings\Mitchell\My Documents\Test 3 study!.docx
[2010/03/16 19:08:12 | 000,571,995 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\Shutter Island - Dennis Lehane.pdf
[2010/03/16 00:51:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 19:28:01 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Mitchell\Desktop\Trillian.lnk
[2010/03/10 01:19:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\bw32000c.dll
[2010/03/10 01:19:39 | 000,159,744 | ---- | C] () -- C:\WINDOWS\bw320007.dll
[2010/03/10 01:18:24 | 000,002,398 | ---- | C] () -- C:\WINDOWS\wavemix.ini
[2010/03/10 01:01:29 | 000,000,423 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/09 20:12:16 | 000,506,560 | ---- | C] () -- C:\WINDOWS\owl253.dll
[2010/03/05 02:44:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mitchell\Local Settings\Application Data\fusioncache.dat
[2009/03/05 19:18:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/14 14:38:35 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/02/21 17:39:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/12/07 19:16:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/19 18:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/09/12 18:17:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/07/19 14:38:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/06/16 14:13:31 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/03/03 21:04:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/03/03 21:04:15 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/03 20:45:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/03 20:32:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,268 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/01/14 13:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== LOP Check ==========

[2006/03/03 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/03/15 19:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\.purple
[2010/03/05 01:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\DAEMON Tools Lite
[2010/03/15 23:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\ManyCam
[2006/03/03 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\SampleView
[2010/03/15 19:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitchell\Application Data\Trillian
[2006/09/12 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/03/03 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/07/14 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/08/29 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2006/06/15 13:25:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2006/06/15 13:25:56 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/19 19:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/12/19 19:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/19 19:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/12/19 19:42:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=A8D941B411A9E00EBFAC25EF77B61551 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< [/xcode] >
Invalid Switch: xcode]

< End of report >


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:58 PM

Posted 14 April 2010 - 01:24 PM

Hi,

Please run the following fix with OTLPE:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2099/01/01 12:00:00 | 000,100,352 | -HS- | C] () -- C:\WINDOWS\System32\bizikono.dll
    [2099/01/01 12:00:00 | 000,097,280 | -HS- | C] () -- C:\WINDOWS\System32\kikavezo.dll
    [2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\rutasaka.dll
    [2099/01/01 12:00:00 | 000,070,144 | -HS- | C] () -- C:\WINDOWS\System32\pulowule.dll
    [2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\zavisomu.dll
    [2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\voginuhu.dll
    [2099/01/01 12:00:00 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\pulobuha.dll
    [2099/01/01 12:00:00 | 000,047,616 | -HS- | C] () -- C:\WINDOWS\System32\sinehotu.dll
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rovosesu
    O20 - AppInit_DLLs: (hupebogi.dll) - File not found
    O4 - HKLM..\Run: [bajaliveh] C:\WINDOWS\System32\dobojobe.DLL File not found
    O4 - HKLM..\Run: [yugidezehe] File not found
    O2 - BHO: (no name) - {69949d07-aadb-4873-b3bf-84595f602f47} - C:\WINDOWS\System32\zavisomu.dll ()
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

let me know if you can reboot now.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 14 April 2010 - 09:45 PM

nope still not starting

========== OTL ==========
C:\WINDOWS\system32\bizikono.dll moved successfully.
C:\WINDOWS\system32\kikavezo.dll moved successfully.
C:\WINDOWS\system32\rutasaka.dll moved successfully.
C:\WINDOWS\system32\pulowule.dll moved successfully.
C:\WINDOWS\system32\zavisomu.dll moved successfully.
C:\WINDOWS\system32\voginuhu.dll moved successfully.
C:\WINDOWS\system32\pulobuha.dll moved successfully.
C:\WINDOWS\system32\sinehotu.dll moved successfully.
C:\WINDOWS\system32\rovosesu moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:hupebogi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bajaliveh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yugidezehe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69949d07-aadb-4873-b3bf-84595f602f47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69949d07-aadb-4873-b3bf-84595f602f47}\ deleted successfully.
File C:\WINDOWS\System32\zavisomu.dll not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 300 bytes

User: Mitchell
->Temp folder emptied: 1528566 bytes
->Temporary Internet Files folder emptied: 356120 bytes
->FireFox cache emptied: 45447952 bytes
->Flash cache emptied: 23473 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Java cache emptied: 14898086 bytes
->FireFox cache emptied: 106012782 bytes
->Flash cache emptied: 329031 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 162.00 mb


OTLPE by OldTimer - Version 3.1.37.1 log created on 04142010_214222





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users