
hijack this log


  • This topic is locked
26 replies to this topic

#1 joetab24

joetab24

  • Members
  • 48 posts

Posted 15 April 2010 - 06:09 AM

can't get rid of XP Antimalware 2010

off to work...i will post more later. thanks for any help you can provide.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:41 AM, on 4/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\GWMDMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\tenbwoex.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\tenbwoex.slt\prefs.js)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-2830462828-475907614-3926193091-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - S-1-5-21-2830462828-475907614-3926193091-1003 Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (User '?')
O4 - S-1-5-21-2830462828-475907614-3926193091-1003 Startup: PowerReg Scheduler.exe (User '?')
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.psea.org/CFIDE/classes/CFJava.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138670199218
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/....0/iewwload.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com/voice/voice.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O21 - SSODL: systemie - {EDECFFD3-DCD9-45FC-B708-0B35A1A7FFE1} - sysie.dll (file missing)
O21 - SSODL: systemha - 00000409{5A6B25DB-E3EB-4C45-95A5-C8044 - (no file)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.chasem.net/images/stories/Jan2004/helokill1.gif
O24 - Desktop Component 1: (no name) - http://philadelphia.phillies.mlb.com/image...07/u3MHkoS2.jpg

--
End of file - 13390 bytes



 


#2 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 15 April 2010 - 11:38 AM

what other info should i post?

i read a few threads of others who are/have dealt with a similar problem. i am having the same issues.

should i just copy what they did? or is there some type of info you need from me to begin?

#3 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 15 April 2010 - 03:13 PM

any help? please


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 16 April 2010 - 01:29 PM.


#4 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 17 April 2010 - 09:36 AM

ok....i think i've managed to solve my problem. thanks :)

#5 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 18 April 2010 - 08:00 AM

thought i got rid of this. it's back!!


Sun 4/18 @ 9.22- just ran malwarebytes quick scan in safe mode. had to change file name to get it to run.


Sun 4/18 @ 10.00- removed quick scan problems detected. rebooted. ran a scan in regular mode. no problems detected. assuming this is not the end of this problem, since i did this the other day and the virus reappeared.

Edited by joetab24, 18 April 2010 - 09:16 AM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 19 April 2010 - 10:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 19 April 2010 - 11:42 AM

great.....i will do this when i get home today.

#8 joetab24

joetab24
  • Topic Starter

  • Members
  • 48 posts

Posted 19 April 2010 - 03:32 PM

OTL logfile created on: 4/19/2010 3:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

751.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 25.89 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 213.20 Gb Free Space | 91.57% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S0031908390
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/19 15:42:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/04/14 12:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/27 23:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 02:00:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/18 22:50:14 | 001,185,264 | ---- | M] (Karen Kenworthy) -- C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe
PRC - [2002/08/06 15:24:14 | 000,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 15:42:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2004/04/21 13:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/12/11 20:24:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/12/11 20:24:16 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/08/04 00:07:48 | 000,015,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 00:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/04/02 13:03:30 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2002/08/06 15:24:16 | 001,107,680 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000/09/12 00:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
DRV - [2000/09/11 18:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {10f34902-4384-df62-4c84-e4e2bb664445}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.63
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/13 22:05:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 19:33:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 19:53:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/09/04 03:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/04/16 19:53:35 | 000,000,000 | ---D | M]

[2010/04/14 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/14 21:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/18 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yvtmb2l7.default\extensions
[2010/04/14 21:12:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yvtmb2l7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 15:25:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yvtmb2l7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/15 18:00:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yvtmb2l7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/18 17:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 21:09:05 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{10f34902-4384-df62-4c84-e4e2bb664445}
[2010/04/10 23:32:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/14 16:02:09 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe File not found
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE File not found
O4 - HKU\S-1-5-18..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE File not found
O4 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe ()
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} https://www.psea.org/CFIDE/classes/CFJava.cab (CFForm Runtime)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun)
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} http://makeover.substance.com/save/makeover.cab (AimSp32 Class)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/26.34/uploader2.cab (UploadListView Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab (EPUImageControl Class)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} file://C:\Program Files\gateway\helpspot\TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1138670199218 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} http://www.webcamnow.com/broadcast/ActiveXWebCam.cab (WebCam Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8052.5367361111 (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab (InetDownload Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ib.armstrong.com/ib/databases/actimage30717.cab (Actimage Room Control)
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} http://webcamnow.com/voice/voice.cab (UniVoiceX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chat http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.games.yahoo.com/games/clients/y/potd_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINNT\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: systemha - 00000409{5A6B25DB-E3EB-4C45-95A5-C8044served. - CLSID or File not found.
O21 - SSODL: systemie - {EDECFFD3-DCD9-45FC-B708-0B35A1A7FFE1} - File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.chasem.net/images/stories/Jan2004/helokill1.gif
O24 - Desktop Components:1 () - http://philadelphia.phillies.mlb.com/image...07/u3MHkoS2.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-2830462828-475907614-3926193091-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 11:55:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/18 11:53:53 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\WINNT\System32\drivers\SBREDrv.sys
[2010/04/18 11:53:53 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINNT\System32\sbbd.exe
[2010/04/18 11:53:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/04/18 11:27:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/18 07:53:09 | 000,011,112 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\192948760
[2010/04/18 07:53:09 | 000,011,104 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\58G3tyIDc
[2010/04/18 00:43:51 | 000,011,112 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\58G3tyIDc
[2010/04/18 00:43:51 | 000,011,104 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/16 19:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/16 19:48:31 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINNT\RtlExUpd.dll
[2010/04/16 18:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/04/16 18:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/04/16 16:35:42 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\cudart.dll
[2010/04/16 16:35:42 | 000,027,136 | ---- | C] (CPUID) -- C:\WINNT\System32\PCWizard.cpl
[2010/04/16 16:28:01 | 000,000,000 | ---D | C] -- C:\cabs
[2010/04/16 00:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/15 21:59:05 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\netstat.bat
[2010/04/15 16:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/04/15 16:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sunbelt
[2010/04/15 16:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/04/15 06:54:48 | 000,011,138 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TcP0eIPn2W
[2010/04/15 05:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\avG
[2010/04/15 05:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/15 00:23:34 | 000,011,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/15 00:23:34 | 000,011,130 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TcP0eIPn2W
[2010/04/15 00:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/14 21:28:54 | 006,422,528 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/14 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\avG
[2010/04/14 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/14 21:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/14 21:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/14 21:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/14 17:48:57 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswFsBlk.sys
[2010/04/14 17:48:56 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2010/04/14 17:48:55 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2010/04/14 17:48:54 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2010/04/14 17:48:52 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2010/04/14 17:48:52 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2010/04/14 17:48:51 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2010/04/14 17:47:38 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\aswBoot.exe
[2010/04/14 17:47:38 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\avastSS.scr
[2010/04/14 15:56:30 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2010/04/14 15:41:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/14 15:37:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/04/14 15:37:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/04/14 15:37:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/04/14 15:37:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/04/14 15:37:20 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/04/14 15:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/13 22:50:19 | 000,014,274 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7SkRgtbX5FlAM
[2010/04/13 22:50:19 | 000,014,274 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM
[2010/04/12 17:42:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/12 17:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/12 17:42:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\v1fROpd.dat
[2010/04/11 04:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/11 04:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/10 19:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2010/04/10 12:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/10 11:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/04/10 09:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/10 09:27:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/04/10 09:27:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/04/10 09:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware
[2010/04/10 09:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/10 08:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/04/09 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/09 19:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/28 20:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.jnlp-applet
[2010/03/28 14:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/03/24 21:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/03/20 16:12:36 | 000,000,000 | -HSD | C] -- C:\WINNT\ftpcache
[2010/02/12 00:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/01 13:12:22 | 000,113,348 | ---- | C] () -- C:\Documents and Settings\Owner\MMugLog.log
[2010/01/01 13:05:34 | 000,678,594 | ---- | C] () -- C:\Documents and Settings\Owner\MMLog.log
[2009/12/13 10:46:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/13 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/29 15:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/09/15 19:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/11 20:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/01/08 20:16:00 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Owner\.gradebook_userdict.tlx
[2008/12/16 21:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2008/09/16 16:58:27 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Owner\.powerschool_gradebook.properties
[2008/05/14 22:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Viewpoint
[2007/03/25 00:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2007/03/24 23:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/03/01 16:14:06 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
[2005/10/06 17:39:41 | 002,650,988 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2005/06/22 22:25:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2005/06/22 22:25:50 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2004/10/04 21:11:08 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Owner\usb
[2004/08/25 11:26:26 | 000,002,229 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evpro32.prf
[2004/04/05 22:35:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/09 11:11:25 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/26 18:28:42 | 000,061,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/08/29 20:58:25 | 000,061,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2003/08/19 14:39:31 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2003/08/19 14:39:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2003/05/16 11:36:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2003/05/16 11:36:05 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2003/05/16 11:36:05 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/05/16 11:19:39 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[190 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[121 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/21 13:28:25 | 000,000,364 | ---- | M] () -- C:\WINNT\tasks\Symantec NetDetect.job
[2010/04/19 15:09:06 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/04/19 15:08:36 | 000,000,464 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (TE).job
[2010/04/19 15:08:16 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/19 15:08:16 | 000,000,380 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (SmartDrawTrial).job
[2010/04/19 15:08:13 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/04/19 15:07:41 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/04/19 15:07:40 | 787,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/19 14:05:01 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/19 06:12:07 | 006,422,528 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/19 06:12:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/18 21:37:41 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Karen's Replicator.lnk
[2010/04/18 20:52:44 | 000,002,626 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2010/04/18 11:38:10 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/04/18 09:09:12 | 000,011,104 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\58G3tyIDc
[2010/04/18 09:09:12 | 000,011,104 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/18 07:53:20 | 000,011,112 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\192948760
[2010/04/16 19:39:51 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\missing.reg
[2010/04/16 18:56:34 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/16 18:18:54 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-2830462828-475907614-3926193091-1003Core.job
[2010/04/16 18:11:54 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/04/16 16:35:44 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Wizard 2010.lnk
[2010/04/15 21:59:05 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\netstat.bat
[2010/04/15 15:52:02 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/04/15 15:44:22 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FixExe.reg
[2010/04/15 15:29:48 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\explorer.scr.lnk
[2010/04/15 15:12:46 | 000,011,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/15 00:58:25 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/04/14 19:45:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\v1fROpd.dat
[2010/04/14 17:48:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/14 16:02:09 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/04/14 15:41:26 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/04/14 15:30:46 | 000,014,274 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\7SkRgtbX5FlAM
[2010/04/14 15:30:46 | 000,014,274 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2010/04/13 19:37:00 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/04/13 12:17:33 | 000,096,694 | ---- | M] () -- C:\WINNT\System32\cc0a4d61.exe
[2010/04/12 19:39:47 | 000,000,079 | ---- | M] () -- C:\WINNT\wininit.ini
[2010/04/11 20:40:10 | 000,116,558 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\porch1.skp
[2010/04/11 18:54:35 | 000,116,547 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\porch1.skb
[2010/04/11 09:46:10 | 000,066,078 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\porch.skp
[2010/04/10 19:33:28 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/10 16:40:20 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 12:54:14 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/04/10 12:13:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/10 11:32:42 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2010/04/10 09:27:32 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\wuauclt.com.lnk
[2010/04/09 20:36:02 | 027,611,453 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NewUsers4_CreateAChair.zip
[2010/04/09 20:34:03 | 020,998,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NewUsers1_Concepts.zip
[2010/04/09 20:34:03 | 016,926,549 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NewUsers2_Edges.zip
[2010/04/09 19:35:03 | 000,000,552 | ---- | M] () -- C:\WINNT\System32\d3d8caps.dat
[2010/04/04 10:03:57 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\UPDATED BUDGET (updated1227) (version 1).xls
[2010/03/31 08:35:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$v deck plans.doc
[2010/03/30 22:00:18 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\rev deck plans.doc
[2010/03/30 13:30:19 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YNAB 3.lnk
[2010/03/30 12:48:52 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deck plans20101248330.doc
[2010/03/30 11:53:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deck plans2010.doc
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/03/28 19:15:43 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\deck plan.xls
[2010/03/24 13:59:52 | 000,433,128 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/03/24 13:59:52 | 000,067,718 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/03/24 13:59:51 | 000,509,278 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/03/24 06:35:35 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Owner\.powerschool_gradebook.properties
[2010/03/22 14:22:42 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RtlExUpd.dll
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[190 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[121 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/18 09:40:56 | 787,271,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/16 19:36:17 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\missing.reg
[2010/04/16 18:56:34 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/16 18:11:54 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/04/16 18:10:28 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-2830462828-475907614-3926193091-1003Core.job
[2010/04/16 16:35:44 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Wizard 2010.lnk
[2010/04/16 16:35:43 | 000,327,168 | ---- | C] () -- C:\WINNT\System32\cutil32.dll
[2010/04/15 15:51:58 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/04/15 15:45:25 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FixExe.reg
[2010/04/15 15:29:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\explorer.scr.lnk
[2010/04/14 17:48:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/14 15:41:25 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2010/04/14 15:41:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/14 15:37:39 | 000,261,632 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/04/14 15:37:39 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/04/14 15:37:39 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/04/14 15:37:39 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/04/14 15:37:39 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/04/13 12:17:33 | 000,096,694 | ---- | C] () -- C:\WINNT\System32\cc0a4d61.exe
[2010/04/12 19:39:47 | 000,000,079 | ---- | C] () -- C:\WINNT\wininit.ini
[2010/04/11 18:29:49 | 000,116,547 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\porch1.skb
[2010/04/11 15:37:12 | 000,116,558 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\porch1.skp
[2010/04/11 09:46:09 | 000,066,078 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\porch.skp
[2010/04/10 19:33:28 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/10 12:54:06 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/04/10 12:13:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/10 11:32:42 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2010/04/10 09:27:32 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\wuauclt.com.lnk
[2010/04/09 20:35:53 | 027,611,453 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NewUsers4_CreateAChair.zip
[2010/04/09 20:33:47 | 016,926,549 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NewUsers2_Edges.zip
[2010/04/09 20:33:45 | 020,998,378 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NewUsers1_Concepts.zip
[2010/04/09 19:35:03 | 000,000,552 | ---- | C] () -- C:\WINNT\System32\d3d8caps.dat
[2010/04/09 19:35:02 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/03/31 08:35:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$v deck plans.doc
[2010/03/30 22:00:15 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\rev deck plans.doc
[2010/03/30 13:30:19 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YNAB 3.lnk
[2010/03/30 12:48:51 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deck plans20101248330.doc
[2010/03/30 11:25:36 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deck plans2010.doc
[2010/03/28 19:15:43 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\deck plan.xls
[2010/02/26 00:23:14 | 000,000,431 | ---- | C] () -- C:\WINNT\AcroChallenge.ini
[2010/01/02 10:19:25 | 000,165,376 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2009/12/26 17:00:01 | 000,000,110 | ---- | C] () -- C:\WINNT\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/08/26 08:23:02 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2009/08/26 08:23:02 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2009/07/04 19:00:57 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTSHDW3.dll
[2009/03/24 16:56:13 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2008/12/29 13:50:18 | 000,015,488 | ---- | C] () -- C:\WINNT\System32\drivers\mssmbios.sys
[2008/09/27 08:54:22 | 000,025,601 | ---- | C] () -- C:\WINNT\CSTBox.INI
[2007/12/15 11:33:49 | 000,000,693 | ---- | C] () -- C:\WINNT\NBEXER.INI
[2007/05/08 18:39:53 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2007/01/13 00:17:42 | 000,000,004 | ---- | C] () -- C:\WINNT\msoffice.ini
[2006/08/17 12:35:13 | 000,000,000 | ---- | C] () -- C:\WINNT\PestPatrol5.INI
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
[2005/02/21 13:55:59 | 000,002,158 | ---- | C] () -- C:\WINNT\System32\ssmute.ini
[2005/01/13 21:14:02 | 000,468,480 | ---- | C] () -- C:\WINNT\System32\NMDll.dll
[2005/01/13 21:14:02 | 000,020,480 | ---- | C] () -- C:\WINNT\yhl.dll
[2005/01/13 21:14:02 | 000,007,168 | ---- | C] () -- C:\WINNT\lq.dll
[2004/10/10 22:02:45 | 000,000,419 | ---- | C] () -- C:\WINNT\lexstat.ini
[2004/09/30 19:39:23 | 000,002,528 | ---- | C] () -- C:\WINNT\FCIC.INI
[2004/06/13 16:48:52 | 000,000,049 | ---- | C] () -- C:\WINNT\upth.ini
[2004/06/13 16:48:52 | 000,000,024 | ---- | C] () -- C:\WINNT\atid.ini
[2004/05/31 16:14:30 | 000,001,485 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2004/05/16 00:31:12 | 000,000,028 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2004/01/17 16:35:03 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2004/01/02 14:29:03 | 000,000,100 | ---- | C] () -- C:\WINNT\NBTRACK.INI
[2004/01/01 14:17:33 | 000,000,300 | ---- | C] () -- C:\WINNT\NBMP.INI
[2004/01/01 13:40:39 | 000,000,100 | ---- | C] () -- C:\WINNT\NBWP.INI
[2004/01/01 13:37:30 | 000,000,917 | ---- | C] () -- C:\WINNT\NBCLIENT.INI
[2004/01/01 13:31:59 | 000,004,183 | ---- | C] () -- C:\WINNT\nb4j.INI
[2003/12/13 16:24:28 | 000,000,199 | ---- | C] () -- C:\WINNT\kodakpcd.Owner.ini
[2003/10/11 14:59:31 | 000,000,525 | ---- | C] () -- C:\WINNT\MAXLINK.INI
[2003/08/24 13:49:13 | 000,000,027 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/08/15 09:08:58 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/08/15 08:51:56 | 000,000,605 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/08/15 08:51:56 | 000,000,052 | ---- | C] () -- C:\WINNT\intuprof.ini
[2003/08/15 08:51:12 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/08/15 08:46:38 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2003/08/15 08:46:22 | 000,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/05/16 12:56:01 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/03/26 10:19:44 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\LXBLLCNP.DLL
[2003/01/27 00:23:32 | 000,200,704 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\lxblvs.dll
[2002/07/19 06:35:00 | 000,880,640 | ---- | C] () -- C:\WINNT\System32\vorbisenc.dll
[2002/07/19 06:35:00 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\vorbisfile.dll
[2002/07/19 06:34:00 | 000,974,848 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2002/07/19 06:34:00 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[190 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\cf6c1ba56c7764149a9c95260aae3fa6\i386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2007/05/08 18:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ERDNT\cache\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\cf6c1ba56c7764149a9c95260aae3fa6\i386\sp2.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2007/05/08 18:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2010/04/15 16:24:09 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2010/04/15 16:24:09 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\ERDNT\cache\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\OEMDRVRS\iaStor.sys
[2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINNT\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\ERDNT\cache\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\ERDNT\cache\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

< MD5 for: [2001/08/17 13:58:00 | 000,025,472 | ---- | M] (MICROSOFT CORPORATION) >
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (MICROSOFT CORPORATION) >
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: [2002/08/29 07:00:00 | 000,049,152 | ---- | M] (MICROSOFT CORPORATION) >
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: [2002/08/29 07:00:00 | 000,174,592 | ---- | M] (MICROSOFT CORPORATION) >
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$NtServicePackUninstall$\scecli.dll

< MD5 for: [2002/08/29 07:00:00 | 000,399,360 | ---- | M] (MICROSOFT CORPORATION) >
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll

< MD5 for: [2002/10/24 15:59:48 | 000,087,040 | ---- | M] (MICROSOFT CORPORATION) >
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (INTEL CORPORATION) >
[2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) -- C:\OEMDRVRS\iaStor.sys
[2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\iaStor.sys

< MD5 for: [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ServicePackFiles\i386\atapi.sys

< MD5 for: [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ERDNT\cache\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\agp440.sys

< MD5 for: [2004/08/04 01:56:44 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ERDNT\cache\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\eventlog.dll

< MD5 for: [2004/08/04 01:56:46 | 000,180,224 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ERDNT\cache\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll

< MD5 for: [2004/08/04 01:56:46 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ERDNT\cache\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netlogon.dll

< MD5 for: [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys

< MD5 for: [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys

< MD5 for: [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll

< MD5 for: [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll

< MD5 for: [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

< MD5 for: [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys

< MD5 for: [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys

< MD5 for: [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\eventlog.dll

< MD5 for: [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\netlogon.dll

< MD5 for: [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\scecli.dll

< MD5 for: [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (MICROSOFT CORPORATION) >
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: [2010/04/15 16:24:09 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2010/04/15 16:24:09 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\ERDNT\cache\atapi.sys
[2010/04/15 16:24:09 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\atapi.sys


< End of report >


OTL Extras logfile created on: 4/19/2010 3:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

751.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 25.89 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 213.20 Gb Free Space | 91.57% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S0031908390
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\WINNT\system32\LEXPPS.EXE" = C:\WINNT\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo Free MP4 Converter version 2.2.0.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D684C4-817D-11D5-818F-009027864C7F}" = pressplay
"{4C23837C-993E-11D4-9DE0-0060085C158A}" = KODAK Picture CD
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5067397A-2935-4290-AE14-1BE2863B00A3}_is1" = Convert MP4 to MP3 1.5
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{54006725-544C-4CFB-91C9-1FDD2D1AD5A3}" = Verizon FiOS Media Manager
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{629E22AE-1254-4BFA-A859-AF195A1825CC}" = AnalogHole
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{79EE63DE-933B-8037-9FD6-DA3CCD704B37}" = YNAB 3
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
"{820889C1-8B3A-4B0F-8D79-37235DDE4B41}" = LiveUpload to Facebook
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A07F00-13B6-11D4-A3F6-004854601EDF}" = GoalPro
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = MasterCook Deluxe
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7239ACC-601B-46BC-B48D-3998303A326D}" = OverDrive Media Console
"{C777D229-86EC-4E42-AAC4-D44CF7EA4847}" = Canon Camera WIA Driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA3D29BC-9440-4CB4-993D-189543036C1E}" = AcroChallenge 2.86
"{FB177696-0EEF-4979-92F4-A94B03F2E6F2}" = SVCD2DVD 2.5 DEMO
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"avast5" = avast! Free Antivirus
"avi.NET 2.5.8.0" = avi.NET 2.5.8.0
"AviSynth" = AviSynth 2.5
"cc0a4d61" = Contextual Tool Profitmuse
"CCleaner" = CCleaner
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Crossword Weaver 6.0" = Crossword Weaver 6.0
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.17
"doPDF 6 printer_is1" = doPDF 6.3 printer
"ExamView Import Utility" = ExamView Import Utility
"ExamView Pro" = ExamView Pro
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HijackThis" = HijackThis 2.0.2
"Hooked on Phonics Letter Names" = Hooked on Phonics Letter Names
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = MasterCook Deluxe
"InstallShield_{C777D229-86EC-4E42-AAC4-D44CF7EA4847}" = Canon Camera WIA Driver 6.0
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"Karen's Replicator" = Karen's Replicator
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"McDougal Littell Test Generator" = McDougal Littell Test Generator
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MrSID Viewer" = MrSID Viewer
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"Netscape (7.2)" = Netscape (7.2)
"NutriBase IV Junior v.4.72d Uninstall" = NutriBase IV Junior v.4.72d
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"PhotoRecord" = Canon PhotoRecord
"PROSet" = Intel® PRO Network Adapters and Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher2.20" = Replay Media Catcher
"Revo Uninstaller" = Revo Uninstaller 1.85
"Scrabble v2.0" = Scrabble v2.0
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"SmartDraw 7 Trial Edition" = SmartDraw 7 Trial Edition
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"Switch" = Switch Sound File Converter
"TR-2.0.1" = ThinkingRock-2.0.1
"TransMac" = TransMac
"Uninstall_is1" = Uninstall 1.0.0.1
"UPCShell" = LeapFrog Connect
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Online DSL_is1" = Verizon Online DSL
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"YNAB_Pro_is1" = YNAB Pro version 1.1.0.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2830462828-475907614-3926193091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Pearl Jam Live" = Pearl Jam Live
"PowerTeacher Gradebook" = PowerTeacher Gradebook
"SmartDraw 2010" = SmartDraw 2010
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 6:16:17 AM | Computer Name = S0031908390 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/19/2010 6:16:17 AM | Computer Name = S0031908390 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/19/2010 8:35:01 AM | Computer Name = S0031908390 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/19/2010 8:35:01 AM | Computer Name = S0031908390 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/19/2010 1:08:52 PM | Computer Name = S0031908390 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/19/2010 1:08:52 PM | Computer Name = S0031908390 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/19/2010 2:21:34 PM | Computer Name = S0031908390 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/19/2010 2:21:34 PM | Computer Name = S0031908390 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/19/2010 3:08:33 PM | Computer Name = S0031908390 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/19/2010 3:08:33 PM | Computer Name = S0031908390 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 4/18/2010 3:51:43 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 3:51:45 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 8:37:34 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 8:37:36 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 9:26:35 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 9:26:36 PM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/18/2010 10:07:44 PM | Computer Name = S0031908390 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/18/2010 10:07:54 PM | Computer Name = S0031908390 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/18/2010 10:08:30 PM | Computer Name = S0031908390 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/19/2010 6:35:02 AM | Computer Name = S0031908390 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >


I had Avast run a scheduled deep scan @ 6 pm this evening. According to the log, nothing was found; however, it appears Avast was disabled once the scan was complete. I think something may have shut it off.

I haven't seen any WINDOWS XP screens like I had been seeing though.

not sure if it's connected to anything, but AVAST said some files could not be scanned: Exception in standard viruses code (42104).

Edited by joetab24, 19 April 2010 - 07:32 PM.


#9 myrti


Posted 20 April 2010 - 09:28 AM

Hi,

please try to create a log from gmer next.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

Edited by myrti, 20 April 2010 - 09:29 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 joetab24


Posted 21 April 2010 - 05:19 AM

ran GMER twice

in regular mode my computer restarted during the scan, which I think ended the scan


i ran it again and left the house. when i returned the GMER screen was gone. would the results have saved somewhere?

i ran it again in safe mode and went to bed. i believe the scans lasted a few hours. when i woke up, the computer had restarted and was in regular mode.

#11 myrti


Posted 21 April 2010 - 06:35 AM

Hi,

no, gmer shouldn't take that long. Could you please try to run gmer with only the option sections checked? If it takes more than 20 minutes, abort and let me know.

regards myrti



#12 joetab24


Posted 21 April 2010 - 04:13 PM

ran the scan with only "sections" checked. had to do it in safe mode. in regular mode, the computer restarted during the scan. in safe mode, it said no modifications to the system detected.

Edited by joetab24, 21 April 2010 - 04:27 PM.


#13 joetab24


Posted 23 April 2010 - 11:26 AM

still there? :)

#14 myrti


Posted 24 April 2010 - 03:46 PM

Hi,

very sorry about the delay. Could you please run a scan with an updated ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#15 joetab24


Posted 24 April 2010 - 07:32 PM

ok

ComboFix 10-04-21.01 - Owner 04/24/2010 20:16:28.4.2 - x86
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-20 00:07 . 2010-04-20 00:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-04-18 15:53 . 2009-09-07 18:02 27944 ----a-w- c:\winnt\system32\sbbd.exe
2010-04-18 15:53 . 2009-08-05 19:58 93872 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-04-18 15:53 . 2010-04-18 20:12 -------- d-----w- C:\VIPRERESCUE
2010-04-17 10:23 . 2010-04-08 10:35 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-16 23:48 . 2010-04-16 23:48 -------- d-----w- c:\program files\Realtek
2010-04-16 23:48 . 2010-03-22 18:22 1247776 ----a-w- c:\winnt\RtlExUpd.dll
2010-04-16 23:24 . 2010-04-16 23:24 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-16 22:56 . 2010-04-16 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-16 22:56 . 2010-04-20 00:06 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-16 20:35 . 2009-10-06 22:32 327168 ----a-w- c:\winnt\system32\cutil32.dll
2010-04-16 20:35 . 2009-08-04 00:25 285696 ----a-w- c:\winnt\system32\cudart.dll
2010-04-16 20:28 . 2010-04-16 20:28 -------- d-----w- C:\cabs
2010-04-16 01:59 . 2010-04-16 01:59 105 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
2010-04-15 20:26 . 2010-04-15 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-15 20:25 . 2010-04-15 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Sunbelt
2010-04-15 20:21 . 2010-04-15 20:21 -------- d-----w- c:\program files\Sunbelt Software
2010-04-15 09:08 . 2010-04-15 09:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\avG
2010-04-15 01:48 . 2010-04-15 01:48 -------- d-----w- c:\winnt\system32\wbem\Repository
2010-04-15 01:14 . 2010-04-15 01:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\avG
2010-04-15 01:14 . 2010-04-15 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-13 20:55 . 2010-04-15 01:14 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-13 16:17 . 2010-04-13 16:17 96694 ----a-w- c:\winnt\system32\cc0a4d61.exe
2010-04-11 08:06 . 2010-04-11 08:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-10 23:33 . 2010-04-10 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-04-10 16:12 . 2010-04-10 16:12 -------- d-----w- c:\program files\Trend Micro
2010-04-10 15:32 . 2010-04-10 15:32 -------- d-----w- c:\program files\VS Revo Group
2010-04-10 13:27 . 2010-04-10 13:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-10 13:27 . 2010-03-29 19:24 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-10 13:27 . 2010-04-10 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 13:27 . 2010-03-29 19:24 20824 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-04-09 23:35 . 2010-04-09 23:35 552 ----a-w- c:\winnt\system32\d3d8caps.dat
2010-04-09 23:35 . 2010-04-15 04:58 664 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-03-29 00:44 . 2010-03-29 00:44 -------- d-----w- c:\documents and settings\Owner\.jnlp-applet
2010-03-28 18:53 . 2010-03-28 18:55 -------- d-----w- c:\program files\Common Files\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 09:24 . 2010-03-12 12:25 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-04-16 23:53 . 2008-08-10 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-16 23:48 . 2003-08-15 12:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 23:29 . 2010-01-02 14:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-16 21:54 . 2008-12-17 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-16 20:35 . 2010-02-17 22:31 -------- d-----w- c:\program files\CPUID
2010-04-16 03:02 . 2009-08-30 19:40 -------- d-----w- c:\program files\QuickTime
2010-04-16 03:02 . 2004-07-22 20:29 -------- d-----w- c:\program files\SymNetDrv
2010-04-16 01:53 . 2003-10-11 19:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2010-04-15 20:24 . 2007-05-08 22:39 95360 ----a-w- c:\winnt\system32\drivers\atapi.sys
2010-04-15 10:35 . 2008-01-04 17:05 -------- d-----w- c:\program files\Verizon
2010-04-15 01:14 . 2004-02-05 20:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-15 01:13 . 2004-02-01 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 23:45 . 2010-04-12 21:42 112 ----a-w- c:\documents and settings\All Users\Application Data\v1fROpd.dat
2010-04-14 16:47 . 2010-04-14 21:47 38848 ----a-w- c:\winnt\system32\avastSS.scr
2010-04-14 16:47 . 2010-04-14 21:47 153184 ----a-w- c:\winnt\system32\aswBoot.exe
2010-04-14 16:35 . 2010-04-14 21:48 46672 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-04-14 21:48 162768 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-04-14 21:48 23376 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-04-14 21:48 100432 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-04-14 21:48 94800 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-04-14 21:48 19024 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-04-14 21:48 28880 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2010-04-10 20:39 . 2009-08-30 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-04-10 16:51 . 2009-12-26 20:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-10 16:10 . 2003-08-24 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-10 16:10 . 2003-08-15 12:48 -------- d-----w- c:\program files\Viewpoint
2010-04-08 10:46 . 2010-02-07 14:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-28 23:19 . 2010-01-10 00:35 -------- d-----w- c:\program files\Alwil Software
2010-03-28 20:21 . 2008-01-04 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-03-25 01:35 . 2010-03-25 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-20 20:24 . 2010-03-20 20:24 20846064 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-12 20:26 . 2010-03-12 20:25 8405312 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-12 20:25 . 2010-03-12 20:25 149000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-12 20:25 . 2010-03-12 20:25 10309448 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-12 20:25 . 2010-03-12 20:25 283280 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-12 20:25 . 2010-03-12 20:25 181768 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-12 20:25 . 2010-03-12 20:25 79368 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-12 20:25 . 2010-03-12 20:25 64000 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-12 20:25 . 2010-03-12 20:25 52288 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-12 20:25 . 2010-03-12 20:25 50688 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-12 20:25 . 2010-03-12 20:25 49152 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-12 20:25 . 2010-03-12 20:25 118784 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-11 10:50 . 2006-01-31 01:34 -------- d-----w- c:\program files\Google
2010-03-11 00:08 . 2005-05-09 23:33 -------- d-----w- c:\documents and settings\Owner\Application Data\SmartDraw
2010-03-10 23:08 . 2010-03-10 23:06 -------- d-----w- c:\program files\SmartDraw 2010
2010-02-28 01:57 . 2010-02-28 01:57 339968 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll
2010-02-28 01:57 . 2010-02-28 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WorldWinner
2010-02-28 01:35 . 2010-02-28 01:35 137216 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\shared\fmod.dll
2010-02-28 01:35 . 2010-02-28 01:35 618496 ----a-w- c:\documents and settings\All Users\Application Data\WorldWinner\familyfeud2\familyfeud2.dll
2010-02-26 14:27 . 2003-10-26 22:28 61800 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 06:12 . 2007-05-08 22:39 662016 ------w- c:\winnt\system32\wininet.dll
2010-02-26 06:12 . 2008-12-29 17:49 81920 ------w- c:\winnt\system32\ieencode.dll
2010-02-26 02:30 . 2010-02-26 02:30 -------- d-----w- c:\program files\Acrochallenge
2010-02-21 13:50 . 2010-02-21 13:50 25992 ----a-w- c:\winnt\system32\pgdfgsvc.exe
2010-02-18 23:12 . 2010-02-18 23:12 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a0aa02c-n\msvcr71.dll
2010-02-18 23:12 . 2010-02-18 23:12 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a0aa02c-n\msvcp71.dll
2010-02-18 23:12 . 2010-02-18 23:12 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bd0b47e-n\decora-sse.dll
2010-02-18 23:12 . 2010-02-18 23:12 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a0aa02c-n\jmc.dll
2010-02-18 23:12 . 2010-02-18 23:12 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bd0b47e-n\decora-d3d.dll
2010-02-10 17:13 . 2010-01-02 14:19 165376 ----a-w- c:\winnt\system32\unrar.dll
2010-02-10 09:13 . 2009-11-25 10:59 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
CODE
<pre>
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI .exe
c:\program files\ScanSoft\OmniPageSE\opware32 .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Symantec\LiveUpdate\ALUNotify .exe
c:\program files\Verizon\McciTrayApp .exe
c:\program files\Verizon\VSP\VerizonServicepoint .exe
</pre>


((((((((((((((((((((((((((((( SnapShot@2010-04-18_14.55.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-24 23:26 . 2010-04-24 23:26 16384 c:\winnt\temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [N/A]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [N/A]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 90112]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [N/A]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE" [N/A]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Karen's Replicator.lnk - c:\program files\Karen's Power Tools\Replicator\PTReplicator.exe [2008-11-18 1185264]
PowerReg Scheduler.exe [2007-8-14 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"systemie"= {EDECFFD3-DCD9-45FC-B708-0B35A1A7FFE1} - sysie.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
2003-06-25 01:33 303180 ----a-w- c:\program files\Gateway Utilities\GWInkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
c:\program files\TuneClone\TuneClone.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINNT\\system32\\LEXPPS.EXE"=

R0 tclondrv;tclondrv;c:\winnt\System32\DRIVERS\tclondrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PCDRDRV;Pcdr Helper Driver;c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [x]
S1 aswSP;aswSP; [x]
S1 SBRE;SBRE;c:\winnt\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 aswFsBlk;aswFsBlk; [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-24 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 04:49]

2010-04-25 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 04:49]

2010-04-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-2830462828-475907614-3926193091-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-16 06:00]

2010-04-24 c:\winnt\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-05-09 19:58]

2010-04-24 c:\winnt\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2010-03-10 16:21]

2010-04-24 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-15 22:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} - hxxp://ib.armstrong.com/ib/databases/actimage30717.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yvtmb2l7.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{10f34902-4384-df62-4c84-e4e2bb664445}\components\3daf487a.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
ShellIconOverlayIdentifiers-{747E722C-CB46-4A9D-BDFE-192AAD5099B1} - (no file)
ShellIconOverlayIdentifiers-{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20} - (no file)
SSODL-systemha-00000409{5A6B25DB-E3EB-4C45-95A5-C8044 - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3932)
c:\program files\Microsoft Office\Office10\msohev.dll
c:\winnt\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-04-24 20:29:43
ComboFix-quarantined-files.txt 2010-04-25 00:29

Pre-Run: 27,102,212,096 bytes free
Post-Run: 27,070,746,624 bytes free

- - End Of File - - 247520203740F650BE13AA0B1B93A2E1




