
rogue antivirus infection (avsoft)


  • This topic is locked
19 replies to this topic

#1 nutellapocky

nutellapocky

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 03 April 2010 - 10:09 PM

Please help with my computer's infection:

I believe it is a rogue antivirus but I'm not particularly sure of the exact kind. My nephew had clicked on something while browsing a game site. I could not run Avast. I took the hard drive and put it in an external case and used a borrowed laptop to scan it with Avast. It found 3 or 4 trojans and a few other malwares and spywares. I don't have access to the logs now and I can't remember what they were. I reinstalled the hard drive in the desktop again but I still could not run Avast and update mbam or Ss&d. I tried running an online scan using Panda activescan. It found about 50 things then it quit halfway and won't run again. I uninstalled and reinstalled mbam and updated the latest definitions manually and it found trojan.fraudpack from avsoft as well as 50 other things. I updated Ss&d manually as well and it now comes up clean when scanned with either utility. I still can't use Avast though and none of the automatic updates work.

Here is my dds log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tina at 18:15:22.93 on Sat 04/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.583 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tina\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
StartupFolder: c:\docume~1\tina\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{47566d9f-6ed6-47c6-8a92-b5c01c44edb4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ickgw32i

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tina\applic~1\mozilla\firefox\profiles\zwd9dsv2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com
FF - plugin: c:\documents and settings\tina\application data\mozilla\firefox\profiles\zwd9dsv2.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\tina\application data\mozilla\firefox\profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_SeekmoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-4-3 9344]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-15 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-2-7 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-7 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-7-10 25824]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
S2 a2free;a-squared Free Service;"d:\anti-spyware\a-squared free\a2service.exe" --> d:\anti-spyware\a-squared free\a2service.exe [?]
S3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys --> c:\windows\system32\drivers\tcfilter.sys [?]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-4-3 462464]

=============== Created Last 30 ================

2010-04-03 18:26:11 0 d-----w- c:\docume~1\tina\applic~1\Office Genuine Advantage
2010-04-03 04:19:25 0 d-----w- c:\program files\Runtime Software
2010-04-01 14:54:55 477696 ----a-r- c:\windows\system32\drivers\ZD1211BU.sys
2010-04-01 06:16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 06:16:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 06:16:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 05:06:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 04:59:27 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-01 04:59:27 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-01 04:59:18 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-04-01 04:59:18 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-15 21:14:25 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-15 21:13:17 0 d-----w- c:\program files\Panda Security
2010-03-15 18:13:39 0 d-----w- c:\windows\ie8updates
2010-03-14 21:34:53 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-14 21:34:53 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-14 21:34:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-14 21:34:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-14 21:34:52 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-14 21:34:49 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-14 00:38:25 0 d-sh--w- c:\documents and settings\tina\IETldCache
2010-03-14 00:33:45 0 dc-h--w- c:\windows\ie8
2010-03-13 23:32:25 0 d-----w- c:\windows\pss
2010-03-12 03:07:02 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:22:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-05 20:05:36 0 ----a-w- c:\documents and settings\tina\jagex__preferences3.dat

==================== Find3M ====================

2010-04-01 07:00:37 2794 ----a-w- c:\docume~1\tina\applic~1\SAS7_000.DAT
2010-03-05 20:06:31 69 ----a-w- c:\documents and settings\tina\jagex_runescape_preferences2.dat
2010-03-05 20:00:10 41 ----a-w- c:\documents and settings\tina\jagex_runescape_preferences.dat
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-13 03:08:44 466944 ----a-w- c:\windows\system32\BSTIEPrintCtl1.dll
2008-07-16 20:27:47 0 ----a-w- c:\program files\temp01
2006-04-26 00:30:40 469824 ----a-w- c:\windows\inf\wg311t\WG311T13.sys
2006-04-26 00:30:38 35232 ----a-w- c:\windows\inf\wg311t\ME_INST.EXE
2006-04-26 00:30:38 26112 ----a-w- c:\windows\inf\wg311t\install.exe

============= FINISH: 18:16:19.09 ===============

Thanks for helping,
zz
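The DDS log above carries the indicators a malware-response helper scans for first: an Internet Explorer proxy pointed at a port on the local machine (`ProxyServer = http=127.0.0.1:5555`), an extra entry in the LSA `Notification Packages` value, toolbar CLSIDs whose file is gone, and a Firefox default search URL redirected to a third-party search site. The following is an added example, not code from the thread or from the DDS tool, that runs a first-pass triage over lines in the DDS "Pseudo HJT Report" and "FIREFOX" format. The sample lines are constructed from the log posted above; the severity labels and the assumption that `scecli` is the only stock LSA notification package on Windows XP are the example's own.

```python
"""
Added example (not from the BleepingComputer thread or from the DDS tool):
a small triage pass over the "Pseudo HJT Report" / "FIREFOX" sections of a
DDS log, flagging the kinds of entries a malware-response helper looks at
first. Sample input is constructed from the log posted in the thread.
"""
import re

# Constructed sample: a subset of the DDS lines from the post plus one
# ordinary uRun entry so the parser has something clean to pass over.
SAMPLE_DDS = """\
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
LSA: Notification Packages = scecli ickgw32i
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com
"""

# Matches "ProxyServer = http=127.0.0.1:5555" and plain "ProxyServer = 127.0.0.1:5555".
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I
)
# Assumption: on a stock Windows XP install the LSA "Notification Packages"
# value contains only scecli; anything else deserves a look.
DEFAULT_LSA_PACKAGES = {"scecli"}


def triage_dds(text):
    """Return a list of (severity, reason, line) findings for a DDS log body."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOOPBACK_PROXY.search(line)
        if m:
            findings.append((
                "high",
                f"IE proxy points at loopback port {m.group(2)}: browser traffic "
                "is being relayed through a process on this machine",
                line,
            ))
        elif line.startswith("LSA: Notification Packages"):
            pkgs = set(line.split("=", 1)[1].split())
            extra = sorted(pkgs - DEFAULT_LSA_PACKAGES)
            if extra:
                findings.append((
                    "high",
                    f"non-default LSA notification package(s) {extra}: loaded by "
                    "lsass at boot, review the DLL behind it",
                    line,
                ))
        elif line.startswith("TB:") and line.endswith("No File"):
            findings.append((
                "low",
                "toolbar CLSID registered but its file is missing: orphaned "
                "entry, safe to remove",
                line,
            ))
        elif line.startswith("FF - prefs.js: browser.search.defaulturl"):
            findings.append((
                "medium",
                "Firefox default search URL set to a third-party search site: "
                "possible search hijack",
                line,
            ))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage_dds(SAMPLE_DDS):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Running the block prints four findings in log order; the two rated high (the loopback proxy and the extra LSA package) are the ones that explain why the updaters and online scanners in the post could not reach the network.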


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:05 PM

Posted 08 April 2010 - 11:12 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

Edited by syler, 08 April 2010 - 11:14 AM.
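The `/md5start ... /md5stop` block in the custom scan above asks OTL to report the MD5 of every copy of each listed system file so the helper can compare them. The following is an added example, not OTL's code or anything from this thread, that does the same comparison portably: it finds every copy of each listed name under a root directory, hashes it, and checks the digests against a baseline of reference hashes. The baseline values, the directory tree and the `demo()` function are constructed for the example; they are not real Windows file hashes.

```python
"""
Added example (not OTL's code): a portable stand-in for the /md5start ... /md5stop
custom-scan block. Each listed file name is located wherever it occurs under a
root directory, hashed, and compared with a baseline of reference digests.
The demo tree and baseline hashes are constructed here, not real Windows values.
"""
import hashlib
import os
import tempfile

# A subset of the file names from the custom-scan block in the post.
WATCHED = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys"]


def md5_of(path):
    """MD5 of a file, read in chunks so large drivers do not load into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_all(root, names):
    """Map each watched name to every path where it occurs (case-insensitive, as on NTFS)."""
    wanted = {n.lower(): n for n in names}
    hits = {n: [] for n in names}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key in wanted:
                hits[wanted[key]].append(os.path.join(dirpath, fn))
    return hits


def check_against_baseline(root, names, baseline):
    """Return {name: status}; status is 'ok', 'changed', 'missing' or 'unknown'.

    'changed' also covers the case where two copies of the same file (for
    example system32\\drivers and dllcache) no longer have the same digest.
    """
    report = {}
    for name, paths in find_all(root, names).items():
        if not paths:
            report[name] = "missing"
            continue
        digests = {md5_of(p) for p in paths}
        expected = baseline.get(name)
        if expected is None:
            report[name] = "unknown"      # no reference hash to compare against
        elif digests == {expected}:
            report[name] = "ok"
        else:
            report[name] = "changed"      # at least one copy differs from the baseline
    return report


def demo():
    """Build a throwaway directory tree, run the check and return the report."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "WINDOWS", "system32")
    drivers = os.path.join(sys32, "drivers")
    os.makedirs(drivers)
    # Constructed "known good" contents; the baseline is derived from these.
    good = {"eventlog.dll": b"eventlog-v1", "scecli.dll": b"scecli-v1", "atapi.sys": b"atapi-v1"}
    for name, body in good.items():
        folder = drivers if name.endswith(".sys") else sys32
        with open(os.path.join(folder, name), "wb") as f:
            f.write(body)
    # A second copy of atapi.sys in dllcache whose content differs from the driver copy.
    os.makedirs(os.path.join(sys32, "dllcache"))
    with open(os.path.join(sys32, "dllcache", "atapi.sys"), "wb") as f:
        f.write(b"atapi-patched")
    baseline = {name: hashlib.md5(body).hexdigest() for name, body in good.items()}
    del baseline["scecli.dll"]   # simulate a file for which no reference hash is known
    return check_against_baseline(root, WATCHED, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

The report for the demo tree marks `eventlog.dll` ok, `scecli.dll` unknown, `atapi.sys` changed (its two copies disagree), and `netlogon.dll` and `iaStor.sys` missing. In practice the baseline would come from a known-clean machine with the same service pack, and a watched file whose copies disagree is the one to examine first.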



#3 nutellapocky

nutellapocky
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 08 April 2010 - 07:31 PM

Yay! Thanks for coming to the rescue, syler.

Here are the requested logs:

OTL logfile created on: 4/8/2010 6:12:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 606.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 31.05 Gb Free Space | 41.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 122.10 Mb Total Space | 50.73 Mb Free Space | 41.55% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/07/10 19:26:26 | 001,291,488 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 21:09:14 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/09/14 21:02:56 | 001,503,232 | ---- | M] () -- C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
PRC - [2006/06/25 16:27:52 | 002,297,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
PRC - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SYSTEM32\acs.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [1999/03/29 22:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
MOD - [2008/04/13 18:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (a2free)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2006/05/08 05:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 18:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 18:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 18:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\acs.exe -- (ACS)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 05:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 05:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/13 15:53:47 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2007/11/12 09:26:56 | 000,477,696 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/04/25 18:30:40 | 000,469,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG311T13.sys -- (AR5211)
DRV - [2005/08/23 10:58:00 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/12/17 07:52:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/12/17 07:52:10 | 000,026,120 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2002/12/24 10:38:36 | 000,462,464 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wwwyahoo.com"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.0.3.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.18


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 20:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 20:46:54 | 000,000,000 | ---D | M]

[2009/01/12 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Extensions
[2009/01/12 23:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions
[2009/01/12 23:27:06 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/09/02 18:20:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 23:01:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/23 16:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com
[2010/01/15 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\toolbar@shopathome.com
[2010/01/02 16:22:02 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\searchplugins\askcom.xml
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/18 14:12:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/07 16:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/25 17:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/11 08:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/12/21 18:31:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/02/18 14:12:26 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/18 14:12:26 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2004/09/08 23:03:50 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/02/12 21:08:44 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/12/21 18:30:05 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/03/23 11:58:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2010/02/18 14:12:29 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2006/12/18 05:18:30 | 000,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/12/25 11:02:12 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/12/25 11:02:13 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/12/25 11:02:15 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/12/25 11:02:15 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/12/25 11:02:15 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/12/25 11:02:16 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/12/25 11:02:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/01/12 23:00:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/01/12 23:00:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/01/12 23:00:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/01/12 23:00:17 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/07 16:49:28 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/07 16:49:29 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2009/01/12 23:00:17 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/01/12 23:00:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/01/12 23:00:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/31 23:13:48 | 000,249,881 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk = C:\WINDOWS\Installer\{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\kidsadmin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tina\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{268e8507-fc90-11dd-8a74-001111dffd9e}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{b4bd3e08-a5d7-11dc-86f6-001111dffd9e}\Shell\AutoRun\command - "" = MiniInstaller.exe
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 17:55:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/07 20:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Desktop\gmer
[2010/04/03 12:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Application Data\Office Genuine Advantage
[2010/04/02 22:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/01 08:54:55 | 000,477,696 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\ZD1211BU.sys
[2010/04/01 00:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 00:16:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 00:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 23:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/31 22:59:27 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/31 22:59:18 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/03/15 15:14:25 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/15 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/15 12:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\My Documents\Simply Super Software
[2010/03/15 12:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/14 15:34:53 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/14 15:34:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/14 15:34:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/14 15:34:49 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/14 01:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/13 18:38:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tina\IETldCache
[2010/03/13 18:33:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/13 18:25:11 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/11 21:07:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 19:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/09 17:12:57 | 000,011,963 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3480.log
[2010/03/05 14:05:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\jagex__preferences3.dat
[2010/01/04 22:35:42 | 002,108,712 | -H-- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\IconCache.db
[2009/10/09 13:41:04 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences2.dat
[2009/07/31 12:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/31 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/17 08:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/30 11:31:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\QBInstanceFinder.log
[2008/12/10 19:20:42 | 000,013,947 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3076.log
[2008/07/16 14:27:47 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/07/01 13:33:24 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences.dat
[2008/02/05 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/01/13 15:53:47 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermptxp.sys
[2008/01/13 15:53:47 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermpt.sys
[2008/01/13 15:53:47 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000.INF
[2008/01/13 15:53:47 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000XP.INF
[2008/01/13 15:53:47 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Tina\USB_CMCS_2000.INF
[2008/01/13 15:53:23 | 000,012,388 | ---- | C] () -- C:\Documents and Settings\Tina\Motorola_Driver_Log.txt
[2007/08/11 20:40:58 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/29 21:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/12/27 13:44:49 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/26 13:30:58 | 010,558,721 | ---- | C] () -- C:\Documents and Settings\Tina\╚┬F
[2005/08/24 19:19:54 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/05/11 14:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/04/03 19:12:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.log
[2005/04/03 18:30:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.html
[2005/04/03 18:27:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\fusioncache.dat
[2005/04/02 11:52:59 | 000,114,832 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/03/29 22:02:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Tina\convert.log
[2005/03/29 22:02:45 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Tina\Application Data\DESKTOP.INI
[2005/03/29 22:02:42 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2005/03/29 22:02:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Tina\ntuser.dat.LOG
[2005/03/29 22:02:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2005/03/29 22:01:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/03/29 22:01:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/08/11 17:07:12 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 17:59:11 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
[2010/04/08 17:59:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/08 17:59:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/08 17:58:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 17:58:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/08 17:58:49 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 17:57:57 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2010/04/08 17:57:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/08 02:46:40 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/07 20:55:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:13:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/03 16:30:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 22:19:28 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:14:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/01 20:14:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/01 01:00:37 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2010/03/31 23:13:48 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/15 12:14:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 15:29:48 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 15:29:48 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 15:29:46 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 18:27:01 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:38:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/13 17:38:00 | 000,000,243 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/13 17:38:00 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 02:46:40 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/03 18:13:21 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/02 22:19:28 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:18:16 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/09 19:23:22 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/09/07 19:31:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/17 19:13:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2008/04/17 18:17:01 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Spidey.INI
[2007/12/25 14:21:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/12/25 14:21:10 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/11/15 21:55:26 | 000,000,490 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/08/11 19:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/03/03 09:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2007/01/06 16:49:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/06 16:45:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/06 16:44:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2006/12/26 18:36:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/08/29 15:37:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/21 11:13:42 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006/05/21 21:16:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2006/01/25 12:46:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/11/01 18:40:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/01 18:40:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/01 18:40:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/01 18:10:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2005/10/19 14:55:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/16 21:16:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2005/05/13 17:01:46 | 000,000,311 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/05/10 08:33:17 | 000,001,282 | ---- | C] () -- C:\WINDOWS\FOWin32.INI
[2005/04/03 17:53:51 | 000,002,583 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/04/03 17:51:58 | 000,001,454 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2005/04/03 17:51:58 | 000,000,136 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/04/03 17:51:50 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2005/04/03 17:51:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2005/04/03 17:51:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2005/03/30 21:40:03 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/30 21:04:37 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2005/03/30 21:04:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2005/03/30 21:03:27 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2005/03/30 21:03:26 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2005/03/30 21:03:26 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2005/03/11 23:25:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 23:02:26 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/01/12 13:20:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2009/01/12 13:20:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/01/12 13:20:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/01/12 13:20:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21C2E351
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E
< End of report >


OTL Extras logfile created on: 4/8/2010 6:12:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 606.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 31.05 Gb Free Space | 41.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 122.10 Mb Total Space | 50.73 Mb Free Space | 41.55% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\java.exe" = C:\WINDOWS\SYSTEM32\java.exe:*:Disabled:java -- (Sun Microsystems, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\360Share Pro\Gui\360Share Pro.exe" = C:\Program Files\360Share Pro\Gui\360Share Pro.exe:*:Enabled:360Share Pro -- File not found
"C:\Documents and Settings\Tina\Desktop\wowclient-downloader.exe" = C:\Documents and Settings\Tina\Desktop\wowclient-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\DedicatedServer.exe" = C:\Program Files\EA GAMES\Battlefield 1942\DedicatedServer.exe:*:Enabled:Run dedicated server -- File not found
"C:\Program Files\Blaster\RB1stGr\rb1.exe" = C:\Program Files\Blaster\RB1stGr\rb1.exe:*:Enabled: Reading Blaster 1st Grade -- (Davidson & Associates, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\NETGEAR\WG311T\wlancfg5.exe" = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe:*:Enabled:NETGEAR WG311T Wireless Assistant -- ()
"C:\Program Files\360Share Pro\Gui\360SharePro.exe" = C:\Program Files\360Share Pro\Gui\360SharePro.exe:*:Enabled:360Share Pro -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX6000 Scanner Driver Update
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}" = WD Anywhere Backup
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5F0C7588-DC73-4465-8BAB-21813C1EC047}" = PDF Manual NW-E000 Series
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B1C023-4490-4A57-A7E1-F20268ECBE52}" = Windows Live Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A304AC3-33CE-4220-B217-1FB62C23798C}" = Time Control 4.0
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Pro 2002
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}" = OpenOffice.org 2.0
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF16EEEF-3882-4003-B384-2EEDA56F1458}" = inLab
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AnswerWorks" = AnswerWorks Runtime
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Corel Applications" = Corel Applications
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"EasyGPS_is1" = EasyGPS
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Family Origins 10.0" = Family Origins 10.0
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}" = WD Anywhere Backup
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"InstallShield_{AF16EEEF-3882-4003-B384-2EEDA56F1458}" = inLab 2.70.2200
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuVo Driver" = MuVo Driver
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Prefetch Cleaner" = Prefetch Cleaner
"Print Artist 8.0" = SierraHome Print Artist 8.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Reading Blaster 1st Grade" = Reading Blaster 1st Grade
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ROADL" = Runes of Avalon (remove only)
"RootsMagic_is1" = RootsMagic 3.2.4.0
"ShockwaveFlash" = Macromedia Flash Player 8
"Silent Package Run-Time Sample" = EPSON CX6000 Series User's Guide
"SysInfo" = Creative System Information
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"UnityWebPlayer" = Unity Web Player
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/30/2009 7:05:06 PM | Computer Name = BART | Source = avast! | ID = 33554522
Description =

Error - 8/1/2009 5:25:33 PM | Computer Name = BART | Source = avast! | ID = 33554522
Description =

Error - 11/8/2009 5:50:56 PM | Computer Name = BART | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/13/2010 9:01:16 PM | Computer Name = BART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:16 PM | Computer Name = BART | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:25 PM | Computer Name = BART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:25 PM | Computer Name = BART | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:25 PM | Computer Name = BART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:25 PM | Computer Name = BART | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:37 PM | Computer Name = BART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 3/13/2010 9:01:38 PM | Computer Name = BART | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
with error: A connection with the server could not be established

Error - 3/13/2010 9:01:38 PM | Computer Name = BART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/13/2010 9:01:38 PM | Computer Name = BART | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/8/2010 5:08:10 AM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 4/8/2010 5:08:10 AM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe.
Reference
error message: The operation completed successfully. .

Error - 4/8/2010 7:49:12 PM | Computer Name = BART | Source = Service Control Manager | ID = 7000
Description = The a-squared Free Service service failed to start due to the following
error: %%21

Error - 4/8/2010 7:49:50 PM | Computer Name = BART | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/8/2010 7:49:50 PM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 4/8/2010 7:49:50 PM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe.
Reference
error message: The operation completed successfully. .

Error - 4/8/2010 7:59:01 PM | Computer Name = BART | Source = Service Control Manager | ID = 7000
Description = The a-squared Free Service service failed to start due to the following
error: %%21

Error - 4/8/2010 7:59:09 PM | Computer Name = BART | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 4/8/2010 7:59:09 PM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 4/8/2010 7:59:09 PM | Computer Name = BART | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe.
Reference
error message: The operation completed successfully. .


< End of report >

Edited by nutellapocky, 08 April 2010 - 09:42 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:05 PM

Posted 09 April 2010 - 07:50 AM

Hi nutellapocky,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (a2free)
    IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKLM..\RunOnceEx: [] File not found
    [2008/07/16 14:27:47 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21C2E351
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\msncall.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\360Share Pro\Gui\360Share Pro.exe"=-
    "C:\Documents and Settings\Tina\Desktop\wowclient-downloader.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\msncall.exe"=-
    "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"=-
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"=-
    "C:\Program Files\EA GAMES\Battlefield 1942\DedicatedServer.exe"=-
    "C:\Program Files\Mozilla Firefox\firefox.exe"=-
    "C:\Program Files\360Share Pro\Gui\360SharePro.exe"=-
    "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"=-
    "C:\Program Files\Ares\Ares.exe"=-
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run, then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic; a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log in your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • MBAM log
  • mbr.log

Thanks

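The entries syler's fix script singles out (a registered service with no binary behind it, an IE proxy pointed at 127.0.0.1, an empty RunOnceEx entry, alternate data streams on a TEMP folder) are exactly what a responder wants flagged automatically when reading an OTL log. The script below is an added example written for this page, not OldTimer's code and not something posted in the thread; it assumes only the OTL line formats visible in the logs above and uses lines copied from them as its sample input.

```python
"""Offline triage of an OTL scan log for the entry types the fix script in
this thread removes.  Added example for this page: not OldTimer's code and
not posted in the thread.  The line shapes it recognises are copied from
the OTL output quoted above."""
import re
from typing import Dict, List

# Constructed sample input: lines taken from this thread's OTL logs, plus two
# benign control lines (the avast! service and the OTL process itself).
SAMPLE_OTL_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (a2free)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\RunOnceEx: [] File not found
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
PRC - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""

# An IE proxy setting under a user hive (HKU\<SID>\...\Internet Settings).
IE_SETTING_RE = re.compile(
    r'^IE - (?P<key>HKU\\[^:]+): "(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$')
# A proxy value that points back at this machine, e.g. http=127.0.0.1:5555.
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.0\.0\.1|localhost):(?P<port>\d+)')
# A registered service whose executable is missing from disk.
SRV_MISSING_RE = re.compile(
    r'^SRV - File not found \[(?P<start>[^|]+)\| (?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$')
# A RunOnceEx entry with an empty name and no file behind it.
O4_MISSING_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] File not found$')
# An NTFS alternate data stream attached to a file or folder.
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')


def triage_otl(log_text: str) -> List[Dict[str, str]]:
    """Walk an OTL log and return one finding per line that falls into a
    category the fix script above acts on, in the order the lines appear."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_SETTING_RE.match(line)
        if m:
            value = m.group("value")
            if m.group("name") == "ProxyEnable" and value == "1":
                findings.append({"category": "proxy_enabled",
                                 "detail": "IE proxy use is switched on for this user hive",
                                 "line": line})
            elif m.group("name") == "ProxyServer":
                # A proxy on the loopback address means every browser request
                # (and any updater that honours IE settings) is routed through
                # a local process first; that matches the failed updates the
                # original poster describes.
                lb = LOOPBACK_RE.search(value)
                if lb:
                    findings.append({"category": "local_proxy", "port": lb.group("port"),
                                     "detail": f"IE proxy routes web traffic through this "
                                               f"machine on port {lb.group('port')}",
                                     "line": line})
            continue
        m = SRV_MISSING_RE.match(line)
        if m:
            findings.append({"category": "orphan_service", "name": m.group("name"),
                             "detail": f"service {m.group('name')} "
                                       f"({m.group('start').strip()}) has no binary on disk",
                             "line": line})
            continue
        m = O4_MISSING_RE.match(line)
        if m:
            findings.append({"category": "runonceex_empty",
                             "detail": f"{m.group('key')} points at a file that does not exist",
                             "line": line})
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append({"category": "alternate_data_stream",
                             "path": m.group("path"), "stream": m.group("stream"),
                             "detail": f"{m.group('size')}-byte stream {m.group('stream')} "
                                       f"hidden on {m.group('path')}",
                             "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category, for a quick overview before reading lines."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_otl(SAMPLE_OTL_LOG)
    for f in results:
        print(f"[{f['category']}] {f['detail']}")
    print(summarize(results))
```

Run it against a full OTL.txt by reading the file into `triage_otl`; lines in other OTL sections simply produce no finding.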


#5 nutellapocky

nutellapocky
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:05 AM

Posted 09 April 2010 - 12:59 PM

I still can't update mbam from within the program, and the definition I used is dated 3/25/2010, database 3913.

OTL Result:

All processes killed
========== OTL ==========
Service a2free stopped successfully!
Service a2free deleted successfully!
Unable to set value : HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E!
Unable to set value : HKU\S-1-5-21-2121459917-3671008713-2574487181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
C:\Program Files\temp01 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:21C2E351 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\360Share Pro\Gui\360Share Pro.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Tina\Desktop\wowclient-downloader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 1942\DedicatedServer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\360Share Pro\Gui\360SharePro.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Andy
->Temp folder emptied: 572841918 bytes
->Temporary Internet Files folder emptied: 50344208 bytes
->Java cache emptied: 100370766 bytes
->FireFox cache emptied: 9864372 bytes
->Flash cache emptied: 1115879 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: kidsadmin
->Temp folder emptied: 575116 bytes
->Temporary Internet Files folder emptied: 85637 bytes
->FireFox cache emptied: 3794374 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 7377692 bytes
->Flash cache emptied: 13558 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tina
->Temp folder emptied: 2040767902 bytes
->Temporary Internet Files folder emptied: 20805951 bytes
->Java cache emptied: 39051681 bytes
->FireFox cache emptied: 40374193 bytes
->Flash cache emptied: 1045190 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5125385 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 1738672 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23946038 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3003919562 bytes

Total Files Cleaned = 5,649.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Andy
->Flash cache emptied: 0 bytes

User: Default User

User: kidsadmin
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Tina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04092010_103409

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

NEW OTL log:

OTL logfile created on: 4/9/2010 10:45:57 AM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 631.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.41 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/07/10 19:26:26 | 001,291,488 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 21:09:14 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/09/14 21:02:56 | 001,503,232 | ---- | M] () -- C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
PRC - [2006/06/25 16:27:52 | 002,297,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
PRC - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SYSTEM32\acs.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [1999/03/29 22:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2006/05/08 05:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 18:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 18:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 18:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\acs.exe -- (ACS)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 05:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 05:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/13 15:53:47 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2007/11/12 09:26:56 | 000,477,696 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/04/25 18:30:40 | 000,469,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG311T13.sys -- (AR5211)
DRV - [2005/08/23 10:58:00 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/12/17 07:52:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/12/17 07:52:10 | 000,026,120 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2002/12/24 10:38:36 | 000,462,464 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wwwyahoo.com"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.0.3.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 20:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 20:46:54 | 000,000,000 | ---D | M]

[2009/01/12 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Extensions
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions
[2009/01/12 23:27:06 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/09/02 18:20:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 23:01:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/23 16:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com
[2010/01/15 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\toolbar@shopathome.com
[2010/01/02 16:22:02 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\searchplugins\askcom.xml
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/12 21:08:44 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/03/23 11:58:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2009/10/07 16:49:28 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/07 16:49:29 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/03/31 23:13:48 | 000,249,881 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk = C:\WINDOWS\Installer\{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O4 - Startup: C:\Documents and Settings\Tina\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{268e8507-fc90-11dd-8a74-001111dffd9e}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{b4bd3e08-a5d7-11dc-86f6-001111dffd9e}\Shell\AutoRun\command - "" = MiniInstaller.exe
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 10:34:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 10:30:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/08 17:55:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/03 18:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Desktop\gmer
[2010/04/03 12:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Application Data\Office Genuine Advantage
[2010/04/02 22:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/01 08:54:55 | 000,477,696 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\ZD1211BU.sys
[2010/04/01 00:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 00:16:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 00:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 23:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/31 22:59:27 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/31 22:59:18 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/03/15 15:14:25 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/15 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/15 12:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\My Documents\Simply Super Software
[2010/03/15 12:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/14 15:34:53 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/14 15:34:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/14 15:34:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/14 15:34:49 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/14 01:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/13 18:38:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tina\IETldCache
[2010/03/13 18:33:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/13 18:25:11 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/11 21:07:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/07/31 12:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/31 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/17 08:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/05 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/01/13 15:53:47 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermptxp.sys
[2008/01/13 15:53:47 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermpt.sys
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/12/29 21:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/05/11 14:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

========== Files - Modified Within 30 Days ==========

[2010/04/09 10:43:34 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2010/04/09 10:38:06 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
[2010/04/09 10:38:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/09 10:37:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/09 10:37:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 10:37:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/09 10:37:41 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 10:37:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2010/04/09 10:33:02 | 000,000,451 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/09 10:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\mbr.exe
[2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/08 02:46:40 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/07 20:55:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:13:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/03 16:30:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 22:19:28 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:14:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/01 20:14:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/01 01:00:37 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2010/03/31 23:13:48 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/15 12:14:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 15:29:48 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 15:29:48 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 15:29:46 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 18:27:01 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:38:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/13 17:38:00 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

========== Files Created - No Company Name ==========

[2010/04/09 10:30:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\mbr.exe
[2010/04/08 02:46:40 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/07 20:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:13:21 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/02 22:19:28 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:18:16 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/09 17:12:57 | 000,011,963 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3480.log
[2010/03/05 14:05:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\jagex__preferences3.dat
[2009/10/09 13:41:04 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences2.dat
[2009/09/07 19:31:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/30 11:31:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\QBInstanceFinder.log
[2008/12/10 19:20:42 | 000,013,947 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3076.log
[2008/07/01 13:33:24 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences.dat
[2008/04/17 19:13:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2008/04/17 18:17:01 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Spidey.INI
[2008/01/13 15:53:47 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000.INF
[2008/01/13 15:53:47 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000XP.INF
[2008/01/13 15:53:47 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Tina\USB_CMCS_2000.INF
[2008/01/13 15:53:23 | 000,012,388 | ---- | C] () -- C:\Documents and Settings\Tina\Motorola_Driver_Log.txt
[2007/12/25 14:21:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/12/25 14:21:10 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/11/15 21:55:26 | 000,000,490 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/08/11 20:40:58 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2007/08/11 19:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/03/03 09:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2007/01/06 16:49:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/06 16:45:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/06 16:44:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2006/12/26 18:36:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/08/29 15:37:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/21 11:13:42 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006/05/21 21:16:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2006/01/25 12:46:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/12/27 13:44:49 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/01 18:40:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/01 18:40:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/01 18:40:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/01 18:10:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2005/10/19 14:55:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/26 13:30:58 | 010,558,721 | ---- | C] () -- C:\Documents and Settings\Tina\╚┬F
[2005/08/24 19:19:54 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/08/16 21:16:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2005/05/13 17:01:46 | 000,000,311 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/05/10 08:33:17 | 000,001,282 | ---- | C] () -- C:\WINDOWS\FOWin32.INI
[2005/04/03 19:12:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.log
[2005/04/03 18:30:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.html
[2005/04/03 18:27:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\fusioncache.dat
[2005/04/03 17:53:51 | 000,002,583 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/04/03 17:51:58 | 000,001,454 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2005/04/03 17:51:58 | 000,000,136 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/04/03 17:51:50 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2005/04/03 17:51:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2005/04/03 17:51:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2005/03/30 21:40:03 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/30 21:04:37 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2005/03/30 21:04:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2005/03/30 21:03:27 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2005/03/30 21:03:26 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2005/03/30 21:03:26 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2005/03/29 22:02:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Tina\convert.log
[2005/03/29 22:02:42 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2005/03/29 22:02:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Tina\ntuser.dat.LOG
[2005/03/29 22:02:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2005/03/29 22:01:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/03/29 22:01:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/03/11 23:25:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 23:02:26 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >

MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3913
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/9/2010 11:05:50 AM
mbam-log-2010-04-09 (11-05-50).txt

Scan type: Quick Scan
Objects scanned: 154845
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

many thanks


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:05 PM

Posted 09 April 2010 - 01:49 PM

Can you tell me how the computer is running now and if you are still having any problems other than mbam?

Do you get an error message when you try and update mbam, if so could you post it please.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    :Reg
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



#7 nutellapocky

  • Topic Starter
  • Members
  • 10 posts

Posted 09 April 2010 - 05:17 PM

The computer boots up as normal. I would connect to the network just to check if I can run/update the protection but I would disconnect promptly. Avast doesn't run and gives this error:
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.


When I try to update within the program:

MBAM gives the error code: 732(12029,0)
Spybot S&D shows: Error retrieving update info file!


Unlike Avast, I could however run MBAM. I just tried to scan with Spybot S&D and it has already found 2 things:
DSSAgent
Fraud.Sysguard

I will let it finish scanning and will wait for your advice on whether to remove the things it finds.

But before running SS&D, I ran OTL with the fix you noted and it asked to be rebooted but it did not produce a log.

I then scanned with OTL and here's the result:

OTL logfile created on: 4/9/2010 3:37:41 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 643.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.35 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/07/10 19:26:26 | 001,291,488 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 21:09:14 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/09/14 21:02:56 | 001,503,232 | ---- | M] () -- C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
PRC - [2006/06/25 16:27:52 | 002,297,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
PRC - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SYSTEM32\acs.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [1999/03/29 22:37:40 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2006/05/08 05:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 18:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 18:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 18:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/25 18:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\acs.exe -- (ACS)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 05:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 05:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/13 15:53:47 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2007/11/12 09:26:56 | 000,477,696 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/04/25 18:30:40 | 000,469,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG311T13.sys -- (AR5211)
DRV - [2005/08/23 10:58:00 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/12/17 07:52:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/12/17 07:52:10 | 000,026,120 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2002/12/24 10:38:36 | 000,462,464 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wwwyahoo.com"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.0.3.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 20:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 20:46:54 | 000,000,000 | ---D | M]

[2009/01/12 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Extensions
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions
[2009/01/12 23:27:06 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/09/02 18:20:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 23:01:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/23 16:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com
[2010/01/15 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\toolbar@shopathome.com
[2010/01/02 16:22:02 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\searchplugins\askcom.xml
[2010/04/02 22:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/12 21:08:44 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/03/23 11:58:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2009/10/07 16:49:28 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/07 16:49:29 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/03/31 23:13:48 | 000,249,881 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk = C:\WINDOWS\Installer\{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O4 - Startup: C:\Documents and Settings\Tina\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{268e8507-fc90-11dd-8a74-001111dffd9e}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{b4bd3e08-a5d7-11dc-86f6-001111dffd9e}\Shell\AutoRun\command - "" = MiniInstaller.exe
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{baf8b396-49f7-11dd-88a1-001111dffd9e}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 10:34:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 10:30:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/08 17:55:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/03 18:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Desktop\gmer
[2010/04/03 12:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\Application Data\Office Genuine Advantage
[2010/04/02 22:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/01 20:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/01 08:54:55 | 000,477,696 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\ZD1211BU.sys
[2010/04/01 00:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 00:16:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 00:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 23:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/31 22:59:27 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/03/31 22:59:18 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/03/15 15:14:25 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/15 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/15 12:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\My Documents\Simply Super Software
[2010/03/15 12:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/14 15:34:53 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/14 15:34:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/14 15:34:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/14 15:34:49 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/14 01:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/13 18:38:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tina\IETldCache
[2010/03/13 18:33:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/13 18:25:11 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/11 21:07:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/07/31 12:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/31 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/17 08:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/07 13:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/05 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/01/13 15:53:47 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermptxp.sys
[2008/01/13 15:53:47 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tina\usbsermpt.sys
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/03/02 09:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/12/29 21:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/05/11 14:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

========== Files - Modified Within 30 Days ==========

[2010/04/09 15:37:04 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2010/04/09 15:32:49 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
[2010/04/09 15:32:45 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/09 15:32:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/09 15:32:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 15:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/09 15:32:25 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 15:31:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2010/04/09 15:15:44 | 002,203,430 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\screencaps.bmp
[2010/04/09 11:09:34 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\mbr.exe
[2010/04/09 10:33:02 | 000,000,451 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/08 17:07:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.exe
[2010/04/08 02:46:40 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/07 20:55:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:13:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/03 16:30:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 22:19:28 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:14:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/01 20:14:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/01 01:00:37 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2010/03/31 23:13:48 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/15 12:14:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 15:29:48 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 15:29:48 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/14 15:29:46 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 18:27:01 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tina\Desktop\spybotsd162.exe
[2010/03/13 17:38:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/13 17:38:00 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI

========== Files Created - No Company Name ==========

[2010/04/09 15:15:43 | 002,203,430 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\screencaps.bmp
[2010/04/09 11:09:36 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\mbr.exe
[2010/04/08 02:46:40 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\attach.zip
[2010/04/07 20:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\defogger_reenable
[2010/04/03 18:13:21 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tina\Desktop\gmer.zip
[2010/04/02 22:19:28 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/04/01 20:18:16 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/09 17:12:57 | 000,011,963 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3480.log
[2010/03/05 14:05:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\jagex__preferences3.dat
[2009/10/09 13:41:04 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences2.dat
[2009/09/07 19:31:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/30 11:31:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tina\QBInstanceFinder.log
[2008/12/10 19:20:42 | 000,013,947 | ---- | C] () -- C:\Documents and Settings\Tina\hs_err_pid3076.log
[2008/07/01 13:33:24 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Tina\jagex_runescape_preferences.dat
[2008/04/17 19:13:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2008/04/17 18:17:01 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Spidey.INI
[2008/01/13 15:53:47 | 000,007,195 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000.INF
[2008/01/13 15:53:47 | 000,005,891 | ---- | C] () -- C:\Documents and Settings\Tina\USBMOT2000XP.INF
[2008/01/13 15:53:47 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Tina\USB_CMCS_2000.INF
[2008/01/13 15:53:23 | 000,012,388 | ---- | C] () -- C:\Documents and Settings\Tina\Motorola_Driver_Log.txt
[2007/12/25 14:21:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/12/25 14:21:10 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/11/15 21:55:26 | 000,000,490 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/08/11 20:40:58 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\Tina\Application Data\SAS7_000.DAT
[2007/08/11 19:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/03/03 09:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2007/01/06 16:49:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/06 16:45:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/06 16:44:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6000.ini
[2006/12/26 18:36:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/08/29 15:37:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/21 11:13:42 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006/05/21 21:16:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2006/01/25 12:46:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/12/27 13:44:49 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/01 18:40:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/01 18:40:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/01 18:40:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/01 18:10:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2005/10/19 14:55:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/08/26 13:30:58 | 010,558,721 | ---- | C] () -- C:\Documents and Settings\Tina\╚┬F
[2005/08/24 19:19:54 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/08/16 21:16:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2005/05/13 17:01:46 | 000,000,311 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/05/10 08:33:17 | 000,001,282 | ---- | C] () -- C:\WINDOWS\FOWin32.INI
[2005/04/03 19:12:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.log
[2005/04/03 18:30:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\FASTWiz.html
[2005/04/03 18:27:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\fusioncache.dat
[2005/04/03 17:53:51 | 000,002,583 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/04/03 17:51:58 | 000,001,454 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2005/04/03 17:51:58 | 000,000,136 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/04/03 17:51:50 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2005/04/03 17:51:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2005/04/03 17:51:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2005/03/30 21:40:03 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/03/30 21:04:37 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2005/03/30 21:04:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2005/03/30 21:03:27 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2005/03/30 21:03:26 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2005/03/30 21:03:26 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2005/03/29 22:02:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Tina\convert.log
[2005/03/29 22:02:42 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Tina\NTUSER.DAT
[2005/03/29 22:02:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Tina\ntuser.dat.LOG
[2005/03/29 22:02:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Tina\NTUSER.INI
[2005/03/29 22:01:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/03/29 22:01:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/03/11 23:25:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 23:02:26 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >



#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 April 2010 - 05:24 PM

You had some proxy settings enabled which I think could have been stopping MBAM from updating. The last OTL script
has now fixed those settings, so please give updating it one more go and let me know if it works, thanks.



#9 nutellapocky

  • Topic Starter
  • Members
  • 10 posts

Posted 09 April 2010 - 05:38 PM

No luck updating MBAM T_T

The Spybot finished its scan (had it running only to see if it would work). It didn't find anything else other than the ones I've mentioned. Should I delete them?

Would reinstalling Avast make it work again?

Edited by nutellapocky, 09 April 2010 - 05:40 PM.


#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 April 2010 - 06:07 PM

Yes, you should delete what Spybot found. I would also like to run another tool to make sure there isn't something else there
that is causing these problems. As for Avast, reinstalling should fix it, but let me know if it doesn't, thanks.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix





#11 nutellapocky

  • Topic Starter
  • Members
  • 10 posts

Posted 09 April 2010 - 07:17 PM

Some improvements!
I deleted what Spybot found and I successfully uninstalled and re-installed Avast and it updated as well.

I then ran ComboFix and here's the log:

ComboFix 10-04-08.06 - Tina 04/09/2010 17:55:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.586 [GMT -6:00]
Running from: c:\documents and settings\Tina\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 23:21 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-09 23:21 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-09 23:21 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-09 23:21 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-09 23:21 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-09 23:21 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-09 23:21 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-09 23:21 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-09 23:21 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-09 23:19 . 2010-04-09 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-09 16:34 . 2010-04-09 16:34 -------- d-----w- C:\_OTL
2010-04-09 16:30 . 2010-04-09 16:30 -------- d--h--w- c:\windows\PIF
2010-04-03 18:26 . 2010-04-03 18:26 -------- d-----w- c:\documents and settings\Tina\Application Data\Office Genuine Advantage
2010-04-03 04:19 . 2010-04-03 04:19 -------- d-----w- c:\program files\Runtime Software
2010-04-01 14:54 . 2007-11-12 15:26 477696 ----a-r- c:\windows\system32\drivers\ZD1211BU.sys
2010-04-01 06:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 06:16 . 2010-04-01 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 06:16 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 05:06 . 2010-04-01 05:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 04:59 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-01 04:59 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-01 04:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-04-01 04:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-15 21:14 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-15 21:13 . 2010-03-15 21:13 -------- d-----w- c:\program files\Panda Security
2010-03-15 18:13 . 2010-04-02 02:17 -------- d-----w- c:\windows\ie8updates
2010-03-14 21:34 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-14 21:34 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-14 21:34 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-14 21:34 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-14 21:34 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-14 21:34 . 2010-02-25 17:54 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-14 00:38 . 2010-03-14 00:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-14 00:38 . 2010-03-14 00:38 -------- d-sh--w- c:\documents and settings\Tina\IETldCache
2010-03-14 00:33 . 2010-03-14 07:38 -------- dc-h--w- c:\windows\ie8
2010-03-12 03:07 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 07:00 . 2007-08-12 02:40 2794 ----a-w- c:\documents and settings\Tina\Application Data\SAS7_000.DAT
2010-04-01 06:16 . 2009-01-12 16:48 -------- d-----w- c:\documents and settings\Tina\Application Data\Malwarebytes
2010-04-01 06:16 . 2009-01-12 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-01 05:06 . 2009-01-10 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 20:10 . 2007-08-29 23:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-13 23:46 . 2008-04-07 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 01:27 . 2009-02-08 00:02 -------- d-----w- c:\program files\Alwil Software
2010-03-10 01:22 . 2010-03-10 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-09 15:12 . 2007-12-20 02:55 -------- d-----w- c:\documents and settings\Tina\Application Data\ZoomBrowser EX
2010-03-09 15:11 . 2007-12-20 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-03-05 20:06 . 2009-10-09 19:41 69 ----a-w- c:\documents and settings\Tina\jagex_runescape_preferences2.dat
2010-03-05 20:05 . 2010-03-05 20:05 0 ----a-w- c:\documents and settings\Tina\jagex__preferences3.dat
2010-03-05 20:00 . 2008-07-01 19:33 41 ----a-w- c:\documents and settings\Tina\jagex_runescape_preferences.dat
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2005-02-16 221184]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

c:\documents and settings\kidsadmin\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Tina\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-6-25 2297856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CorelCENTRAL Alarms.LNK - c:\program files\Corel\WordPerfect Office 2000\programs\alarm.exe [2005-3-30 225280]
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-14 1503232]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-5-17 806912]
WD Anywhere Backup Launcher.lnk - c:\windows\Installer\{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2009-2-16 84887]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ickgw32i

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Blaster\\RB1stGr\\rb1.exe"=
"c:\\Program Files\\NETGEAR\\WG311T\\wlancfg5.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\bsstor.sys [4/3/2005 5:23 PM 9344]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [3/15/2010 3:14 PM 28552]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/9/2010 5:21 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/9/2010 5:21 PM 19024]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [7/10/2008 7:26 PM 25824]
S3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys --> c:\windows\system32\drivers\tcfilter.sys [?]
S4 BsUDF;InCD UDF Driver;c:\windows\SYSTEM32\DRIVERS\bsudf.sys [4/3/2005 5:23 PM 462464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com
FF - plugin: c:\documents and settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Tina\Application Data\Mozilla\Firefox\Profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-Reading Blaster 1st Grade - D:\setup.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 18:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-09 18:03:55
ComboFix-quarantined-files.txt 2010-04-10 00:03

Pre-Run: 38,762,504,192 bytes free
Post-Run: 38,710,267,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8E7D628EDBB779731BDEBCE64E23C83F


To check if my internet connection works after the ComboFix scan, I opened MBAM just to update it and, lo and behold, it did!
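As an added example, not part of this thread or of ComboFix, DDS or OTL, here is a small Python triage script that runs over log lines in the format posted above and flags the items a helper checks by eye: Firefox and IE start-page settings pointing at an unexpected domain (the log shows fastbrowsersearch.com and a homepage of "wwwyahoo.com" with no dot), a globally open firewall port (3389/TCP, i.e. RDP), LSA Notification Packages beyond the XP default, and WinINET proxy settings of the kind that blocked MBAM updates earlier in the thread. The expected-domain list and the single ProxyServer sample line are assumptions constructed for the example; every hit is something to review, not a verdict.

```python
"""
Triage pass over ComboFix / DDS-style log lines (added example, not tool code).

Rules, all from a defender's stance:
  * Firefox search/homepage prefs and the IE start page that point at a
    domain outside the list the owner is expected to use
  * ports opened globally in the Windows Firewall (the log shows 3389/TCP)
  * LSA "Notification Packages" entries beyond the Windows XP default, scecli
  * WinINET proxy settings (proxy settings blocked MBAM updates in this
    thread); ProxyOverride=<local> is normal and is ignored
"""
import re
from urllib.parse import urlparse

# Assumption for this example: domains the owner legitimately uses.
EXPECTED_BROWSER_DOMAINS = {"yahoo.com", "www.yahoo.com"}
# Default value of the LSA "Notification Packages" entry on Windows XP.
DEFAULT_LSA_PACKAGES = {"scecli"}
BROWSER_PREFS = {"browser.search.defaulturl", "browser.startup.homepage"}

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>\S+)$")
START_PAGE_RE = re.compile(r"^uStart Page = (?P<value>\S+)$")
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
LSA_RE = re.compile(
    r"^(?:LSA: )?Notification Packages\s*(?:REG_MULTI_SZ|=)\s*(?P<pkgs>.+)$")
PROXY_RE = re.compile(
    r"^uInternet Settings,(?P<key>ProxyServer|ProxyEnable|AutoConfigURL)\s*=\s*(?P<value>.+)$")


def domain_of(url):
    """Hostname of a URL; the logs defang 'http' as 'hxxp', so undo that first."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def triage(lines):
    """Return (rule, detail, evidence) tuples for lines that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") in BROWSER_PREFS:
            dom = domain_of(m.group("value"))
            if dom not in EXPECTED_BROWSER_DOMAINS:
                findings.append(("browser-pref", m.group("pref"), dom))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            dom = domain_of(m.group("value"))
            if dom not in EXPECTED_BROWSER_DOMAINS:
                findings.append(("browser-pref", "uStart Page", dom))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            # Any inbound port opened for all profiles is worth a question; 3389 is RDP.
            findings.append(("open-port", f"{m.group('port')}/{m.group('proto')}", line))
            continue
        m = LSA_RE.match(line)
        if m:
            # These DLLs are loaded by LSA and notified on password changes;
            # anything beyond the default deserves a look (it may be legitimate software).
            for pkg in sorted(set(m.group("pkgs").split()) - DEFAULT_LSA_PACKAGES):
                findings.append(("lsa-notification-package", pkg, line))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy", m.group("key"), m.group("value")))
    return findings


# Sample input: lines copied from the ComboFix and DDS logs in this thread,
# plus one constructed ProxyServer line to exercise the proxy rule.
SAMPLE_LINES = [
    "uStart Page = hxxp://yahoo.com/",
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:8080",   # constructed
    "Notification Packages REG_MULTI_SZ scecli ickgw32i",
    "LSA: Notification Packages = scecli ickgw32i",
    '"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    "FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=",
    "FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com",
]

if __name__ == "__main__":
    for rule, detail, evidence in triage(SAMPLE_LINES):
        print(f"[{rule}] {detail}  <-  {evidence}")
```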

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 April 2010 - 08:37 AM

Sounds like everything is back to normal then, let me know if you are still having any problems.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New DDS log

Thanks



#13 nutellapocky

  • Topic Starter
  • Members
  • 10 posts

Posted 10 April 2010 - 07:30 PM

I removed all old versions of Java and installed the latest without any incidents.

I tried to update Spybot and it returned an error message (same as last time).

I then opened Firefox to start the ESET scan (I typed the address in the address bar and hit enter) and it was hijacked and redirected to a page beginning with Shop@home. I stopped it before it could load and went back to the ESET page.
Then I realized it was better to do it with IE so I closed Firefox and ran the ESET scan using IE.

Here is the log:
C:\Documents and Settings\Tina\Desktop\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AE application cleaned by deleting - quarantined

And the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tina at 18:15:28.10 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.582 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tina\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\tina\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ickgw32i

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tina\applic~1\mozilla\firefox\profiles\zwd9dsv2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com
FF - plugin: c:\documents and settings\tina\application data\mozilla\firefox\profiles\zwd9dsv2.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\tina\application data\mozilla\firefox\profiles\zwd9dsv2.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-4-3 9344]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-15 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-9 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-9 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-9 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-9 40384]
S3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys --> c:\windows\system32\drivers\tcfilter.sys [?]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-4-3 462464]

=============== Created Last 30 ================

2010-04-10 20:50:15 0 d-----w- c:\program files\ESET
2010-04-10 20:46:57 0 d-sh--w- c:\documents and settings\tina\PrivacIE
2010-04-10 20:32:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-10 20:04:19 0 d-----w- c:\documents and settings\tina\.SunDownloadManager
2010-04-09 23:53:38 0 d-sha-r- C:\cmdcons
2010-04-09 23:52:22 98816 ----a-w- c:\windows\sed.exe
2010-04-09 23:52:22 77312 ----a-w- c:\windows\MBR.exe
2010-04-09 23:52:22 261632 ----a-w- c:\windows\PEV.exe
2010-04-09 23:52:22 161792 ----a-w- c:\windows\SWREG.exe
2010-04-09 16:34:09 0 d-----w- C:\_OTL
2010-04-09 16:30:49 0 d--h--w- c:\windows\PIF
2010-04-08 02:55:16 0 ----a-w- c:\documents and settings\tina\defogger_reenable
2010-04-03 18:26:11 0 d-----w- c:\docume~1\tina\applic~1\Office Genuine Advantage
2010-04-03 04:19:25 0 d-----w- c:\program files\Runtime Software
2010-04-01 14:54:55 477696 ----a-r- c:\windows\system32\drivers\ZD1211BU.sys
2010-04-01 06:16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 06:16:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 06:16:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 05:06:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 04:59:27 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-01 04:59:27 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-01 04:59:18 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-04-01 04:59:18 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-15 21:14:25 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-15 21:13:17 0 d-----w- c:\program files\Panda Security
2010-03-15 18:13:39 0 d-----w- c:\windows\ie8updates
2010-03-14 21:34:53 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-14 21:34:53 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-14 21:34:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-14 21:34:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-14 21:34:52 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-14 21:34:49 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-14 00:38:25 0 d-sh--w- c:\documents and settings\tina\IETldCache
2010-03-14 00:33:45 0 dc-h--w- c:\windows\ie8
2010-03-13 23:32:25 0 d-----w- c:\windows\pss
2010-03-12 03:07:02 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-10 20:31:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 07:00:37 2794 ----a-w- c:\docume~1\tina\applic~1\SAS7_000.DAT
2010-03-05 20:06:31 69 ----a-w- c:\documents and settings\tina\jagex_runescape_preferences2.dat
2010-03-05 20:05:36 0 ----a-w- c:\documents and settings\tina\jagex__preferences3.dat
2010-03-05 20:00:10 41 ----a-w- c:\documents and settings\tina\jagex_runescape_preferences.dat
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2006-04-26 00:30:40 469824 ----a-w- c:\windows\inf\wg311t\WG311T13.sys
2006-04-26 00:30:38 35232 ----a-w- c:\windows\inf\wg311t\ME_INST.EXE
2006-04-26 00:30:38 26112 ----a-w- c:\windows\inf\wg311t\install.exe

============= FINISH: 18:16:10.15 ===============

#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 April 2010 - 09:07 AM

Hello,

Do you have a Firefox add-on called fastbrowsersearch? If so, please uninstall it and let me know if the hijack stops.



#15 nutellapocky
  • Topic Starter

  • Members
  • 10 posts

Posted 11 April 2010 - 01:48 PM

There was a ShopAtHome add-on and I disabled it. There were fastbrowsersearch entries in the Firefox configuration (about:config). I reset them back to Google. I've been running some random searches just to see if it'll get hijacked, but so far so good.

So is the system fairly clean now? What sort of virus was it that was blocking Avast and the Anti-Malware updates?

Thanks a million
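The search hijack discussed in the two posts above is visible in the DDS log's `FF - prefs.js:` lines. As an added example (not part of this thread, and not a DDS feature), here is a small Python triage script that pulls those Firefox preference lines out of a DDS log and flags search and home-page preferences whose host is not on an allowlist. The sample lines are copied from the log above; the allowlist, the `find_hijacks` / `parse_ff_prefs` names and the set of preference names checked beyond `browser.search.defaulturl` and `browser.startup.homepage` are assumptions made for the example.

```python
"""Triage the Firefox preference lines of a DDS log for browser hijacks.

Added example, not code from the thread or from DDS. The allowlist and the
set of navigation preferences are assumptions; the sample log lines are
copied from the DDS output above, keeping the hxxp:// defanging DDS writes.
"""
import re
from urllib.parse import urlparse

# Constructed sample: the Firefox section of the DDS log above.
SAMPLE_LOG = (
    "FF - ProfilePath - c:\\docume~1\\tina\\applic~1\\mozilla\\firefox\\profiles\\zwd9dsv2.default\\\n"
    "FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=\n"
    "FF - prefs.js: browser.startup.homepage - hxxp://wwwyahoo.com\n"
    "FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12\n"
)

# Preferences that decide where searches and start-up navigation go (assumed set).
NAVIGATION_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Hypothetical allowlist: the hosts this user actually intends to use.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.yahoo.com", "yahoo.com"}

# "FF - prefs.js: <pref name> - <value>" (also matches user.js lines).
PREF_LINE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")


def parse_ff_prefs(log_text):
    """Return (file, pref_name, value) for every Firefox pref line in the log."""
    found = []
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            found.append((m.group(1) + ".js", m.group(2), m.group(3).strip()))
    return found


def refang(url):
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def find_hijacks(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Flag navigation prefs pointing at hosts outside the allowlist.

    Returns a list of dicts with keys pref, host and reason, in log order.
    """
    findings = []
    for _file, pref, value in parse_ff_prefs(log_text):
        if pref not in NAVIGATION_PREFS:
            continue  # user-agent strings and the like are not navigation targets
        host = (urlparse(refang(value)).hostname or "").lower()
        if host in allowed_hosts:
            continue
        # "www" run straight into the name (no dot) is worth calling out separately:
        # it may be a typo or a lookalike of an intended site.
        if re.match(r"^www[a-z0-9]", host):
            reason = "host not on allowlist; missing dot after www (typo or lookalike)"
        else:
            reason = "host not on allowlist"
        findings.append({"pref": pref, "host": host, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_LOG):
        print(f"{f['pref']}: {f['host']}  ->  {f['reason']}")
```

Run against the sample, the script reports `browser.search.defaulturl` pointing at `www.fastbrowsersearch.com` (the hijack syler asked about) and `browser.startup.homepage` pointing at `wwwyahoo.com`, which is flagged only because it is not the allowlisted `www.yahoo.com`; the `user.js` user-agent line is parsed but not flagged.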



