
Rogue Anti Spyware


  • This topic is locked
38 replies to this topic

#1 malibuskier

Posted 30 April 2010 - 08:57 PM

Hello all,
I am having quite a time fixing my daughter's computer. I think she surfed a little too long without antivirus or malware software in place and now I have to clean up the mess. It started with a phony security program and now I am not sure what it is. I have run registered (full) versions of Spyware Doctor and RegCure as well as freeware versions of Malwarebytes', Spybot/Tea Timer, Spyware Blaster, Microsoft Security Essentials and Avast Antivirus. The last running of Spybot turned up XP Antispyware entries, which have thus been removed. The Microsoft Security Essentials caught a virus called Win32/Alureon.H and cleaned it.

I ran through the steps as requested and have completed 1-7. The GMER keeps bombing out and has yet to complete, but I will keep trying. The last time I got the BSOD and the error said there was a problem with FXTDYPOG.SYS address B1735c3E base at B1735000 Date Stamp 4b274f8d and to shut the computer down.

Here are the logs and any help would be greatly appreciated.

Dave

DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by Michelle at 18:24:07.17 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1254 [GMT -7:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - c:\program files\free_tv_bar\tbFre1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - c:\program files\free_tv_bar\tbFre1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202185633290
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271572515625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://72.54.245.186:8050/xplugLiteAL.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-14 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-10 162768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-10 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20080824.007\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080824.007\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20080824.007\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080824.007\NAVEX15.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-17 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-17 1141712]
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-4-14 233136]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-4-14 70408]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-04-30 20:07:45 525824 ----a-w- C:\dds.scr
2010-04-30 20:00:09 0 ----a-w- c:\documents and settings\michelle\defogger_reenable
2010-04-29 23:34:08 30784 ----a-w- c:\windows\system32\drivers\lxfyoivq.sys
2010-04-29 23:34:08 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sysC6EA1355
2010-04-29 22:58:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-18 22:07:38 0 d-----w- c:\program files\Microsoft Security Essentials
2010-04-18 21:45:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 21:08:51 0 d-----w- c:\docume~1\michelle\applic~1\ParetoLogic
2010-04-18 21:08:43 0 d-----w- c:\program files\common files\ParetoLogic
2010-04-18 21:08:40 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-04-18 21:08:38 0 d-----w- c:\program files\ParetoLogic
2010-04-18 20:50:15 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-04-18 02:24:31 0 d-----w- c:\docume~1\michelle\applic~1\Malwarebytes
2010-04-18 02:24:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 02:24:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-18 02:24:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 02:24:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 02:10:24 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-14 20:27:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-14 20:27:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-14 20:27:11 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-14 20:27:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-14 20:27:11 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-14 20:27:11 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-14 20:26:53 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-14 20:26:53 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-14 20:26:23 0 d-----w- c:\program files\common files\PC Tools
2010-04-14 20:26:22 0 d-----w- c:\program files\Spyware Doctor
2010-04-14 20:26:22 0 d-----w- c:\docume~1\michelle\applic~1\PC Tools
2010-04-14 20:26:22 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-14 20:16:18 0 d-----w- c:\docume~1\michelle\applic~1\GetRightToGo
2010-04-14 20:08:51 0 d-----w- c:\docume~1\michelle\applic~1\Office Genuine Advantage
2010-04-12 21:44:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-11 02:07:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-08 22:26:12 0 d-----w- c:\docume~1\michelle\applic~1\PriceGong
2010-04-08 22:26:03 0 d-----w- c:\program files\Conduit
2010-04-08 22:26:01 0 d-----w- c:\program files\Free_TV_Bar
2010-04-08 21:44:29 60720 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-04-30 04:12:32 24576 ----a-w- c:\windows\system32\drivers\Kbdclass.sys
2010-04-30 00:32:15 24576 ----a-w- c:\windows\system32\dllcache\kbdclass.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-08-25 00:09:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 18:26:08.32 ===============

OTL:
OTL logfile created on: 4/30/2010 12:35:33 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 32.56 Gb Free Space | 29.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.66 Mb Total Space | 11.64 Mb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 1.59 Gb Free Space | 82.83% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2010/04/14 09:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/23 16:20:12 | 012,764,440 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/19 06:29:38 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 23:12:50 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/03/14 23:12:48 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/01/29 13:10:24 | 001,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/01/29 13:10:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/12/17 10:00:14 | 001,852,928 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2007/11/08 21:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/14 09:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 08:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/07 16:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 15:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 15:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 15:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/14 13:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 13:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 20:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 20:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 20:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 20:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/02/18 22:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/18 22:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/11 19:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/19 13:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/12/18 14:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 10:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 13:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/02/06 22:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2007/05/14 13:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand | Stopped] -- -- (comHost)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/06 15:23:13 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/29 13:10:24 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/29 13:10:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/08 21:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 13:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 16:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 16:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 15:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/14 13:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 22:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/12/19 13:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/04/13 12:15:45 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 11:40:12 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/01 18:24:53 | 000,081,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/12/02 17:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 17:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 17:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/12/02 17:06:06 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/28 15:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/10 08:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 08:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 08:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/12 17:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/31 14:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/26 13:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 13:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 13:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 13:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 13:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 13:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 13:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/15 20:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 14:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/18 22:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/19 13:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 11:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 9D 2E 41 1D E8 CA 01 [binary data]
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/18 15:03:05 | 000,391,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13539 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe ()
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1202185633290 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1271572515625 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://72.54.245.186:8050/xplugLiteAL.cab (Gif89 Lite Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13babaa4-e316-11dc-8aee-001e377ee724}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell - "" = AutoRun
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73836c29-c4fa-11dd-8b68-001e377ee724}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell - "" = AutoRun
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 16:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1466C91D-ED9D-E4BA-676D-0C68AC0B4B46} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {259D210F-B8A2-D8E4-4F47-CB5ECCFF3C2B} - Internet Explorer
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944B3A27-CD3A-D5B5-1436-27EC885A57FE} - Browser Customizations
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D83C82B6-4F98-A00F-F7E7-E7400C2CA1BC} - Java (Sun)
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 12:34:42 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/04/29 16:34:08 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lxfyoivq.sys
[2010/04/29 15:58:31 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/04/18 15:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/18 14:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/18 14:45:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 14:45:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 14:45:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 14:45:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 14:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ParetoLogic
[2010/04/18 14:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/18 14:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/18 14:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/04/18 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/04/18 13:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/17 22:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Free_TV_Bar
[2010/04/17 19:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/04/17 19:24:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 19:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 19:24:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 19:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 19:07:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/17 18:56:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michelle\Recent
[2010/04/15 15:06:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/14 13:27:29 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/14 13:27:11 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/14 13:27:11 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/14 13:26:53 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/14 13:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\PC Tools
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/14 13:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Downloads
[2010/04/14 13:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\GetRightToGo
[2010/04/14 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Office Genuine Advantage
[2010/04/12 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/12 14:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/10 19:08:07 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/10 19:08:07 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/10 19:08:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/10 19:08:04 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/10 19:08:01 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/10 19:08:01 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/10 19:08:00 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/10 19:07:25 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/10 19:07:25 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/10 19:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/10 19:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/08 15:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 15:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/08 15:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\PriceGong
[2010/04/08 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/08 15:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Conduit
[2010/04/08 15:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Free_TV_Bar
[2010/04/08 15:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Free_TV_Bar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/30 12:33:37 | 000,042,674 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/30 06:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/30 05:45:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/30 05:43:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 05:41:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\WavXMapDrive.bat
[2010/04/30 05:40:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/30 05:40:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/04/30 05:40:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/30 05:40:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/30 05:39:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/30 05:39:51 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/30 05:39:02 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/04/29 17:32:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/04/29 17:00:03 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/04/29 16:34:09 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lxfyoivq.sys
[2010/04/29 16:34:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\kbdclass.sysC6EA1355
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 15:07:39 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/18 15:03:05 | 000,391,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/18 14:08:48 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic Privacy Controls.lnk
[2010/04/18 14:08:47 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/18 14:08:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{909B82F6-4B2E-11DF-8BC0-001E377EE724}.job
[2010/04/18 13:50:23 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/04/18 13:50:16 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/04/18 05:20:29 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/17 23:43:56 | 000,006,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/17 23:15:44 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/17 23:00:12 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/17 22:17:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/17 19:24:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 19:10:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 19:10:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:10:15 | 000,000,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\JH40y5L
[2010/04/17 18:50:30 | 000,530,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/17 18:50:30 | 000,447,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/17 18:50:30 | 000,073,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/14 13:15:48 | 000,010,155 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Pot Roast.docx
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/12 14:13:16 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/10 19:07:09 | 000,013,806 | -HS- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\N33N
[2010/04/10 19:07:09 | 000,013,806 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N33N
[2010/04/10 18:24:51 | 000,385,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-150305.backup
[2010/04/08 14:44:29 | 000,060,720 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/29 16:34:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sysC6EA1355
[2010/04/18 15:12:55 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/18 15:07:39 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/18 14:08:48 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic Privacy Controls.lnk
[2010/04/18 14:08:46 | 000,000,424 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/18 14:08:42 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{909B82F6-4B2E-11DF-8BC0-001E377EE724}.job
[2010/04/18 13:50:24 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/04/18 13:50:23 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/04/18 13:50:20 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/04/18 13:50:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/04/18 05:20:29 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/17 23:43:08 | 000,006,956 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\58G3tyIDc
[2010/04/17 23:43:08 | 000,006,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/17 23:00:12 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/17 19:24:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 19:10:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:10:14 | 000,000,840 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L
[2010/04/17 19:10:14 | 000,000,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\JH40y5L
[2010/04/14 13:27:29 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/14 13:27:11 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/14 13:27:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/14 13:26:53 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/14 13:15:47 | 000,010,155 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Pot Roast.docx
[2010/04/12 14:44:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/11 17:28:49 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\N8NHc
[2010/04/11 16:58:28 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/11 16:58:28 | 000,013,446 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\N8NHc
[2010/04/10 18:06:21 | 000,013,806 | -HS- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\N33N
[2010/04/10 18:06:21 | 000,013,806 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N33N
[2010/04/08 14:44:29 | 000,060,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/05/27 15:48:39 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/07 22:31:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4d.DLL
[2008/02/04 22:52:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/01/29 13:13:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/29 13:10:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/01/29 13:03:27 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/29 13:03:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/29 12:52:57 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/01/29 12:50:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/01/29 12:50:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/01/29 12:20:46 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/29 12:20:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/29 12:20:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/29 12:20:45 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/29 12:19:03 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 13:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 13:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 13:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 13:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 13:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 13:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 13:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 13:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 13:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 13:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 13:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 14:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 14:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 14:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 14:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 14:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 14:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 14:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 14:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 14:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 14:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 08:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 09:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 10:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 22:15:54 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2004/08/03 21:59:08 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\serenum.sys
[2004/07/20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/04/24 20:05:03 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== Custom Scans ==========


< >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/24 14:37:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/24 14:37:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/24 14:37:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/24 14:37:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 604 bytes -> C:\WINDOWS\System32\drivers\lxfyoivq.sys:changelist
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL Extras:
OTL Extras logfile created on: 4/30/2010 12:35:33 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 32.56 Gb Free Space | 29.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.66 Mb Total Space | 11.64 Mb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 1.59 Gb Free Space | 82.83% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}" = ParetoLogic Privacy Controls
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5783F2D7-6007-0409-0002-0060B0CE6BBA}" = AutoCAD Electrical 2008
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoCAD Electrical 2008" = AutoCAD Electrical 2008
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"avast5" = avast! Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"CANONBJ_Deinstall_CNMCP4d.DLL" = Canon i950
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DiskDirector" = Acronis Disk Director Suite
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RegCure" = RegCure
"SearchAssist" = SearchAssist
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 6:56:29 PM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/30/2010 12:16:10 AM | Computer Name = MITCH | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 4664 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/30/2010 12:16:10 AM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/30/2010 12:24:02 AM | Computer Name = MITCH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/30/2010 5:14:05 AM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 5:27:01 AM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 8:36:43 AM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 8:42:02 AM | Computer Name = MITCH | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/30/2010 8:44:07 AM | Computer Name = MITCH | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 5332 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/30/2010 8:44:07 AM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

[ OSession Events ]
Error - 1/28/2009 2:31:22 AM | Computer Name = MITCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 816
seconds with 60 seconds of active time. This session ended with a crash.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:54 AM

Posted 04 May 2010 - 11:55 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 malibuskier

Posted 05 May 2010 - 07:56 AM

Elise,
Thank you for helping me with my problem(s). At the moment, my computer is exceptionally slow, can't connect to the internet and can't/won't update my Avast antivirus. I have disabled the wireless internet until I get things fixed. When I was able to connect to the internet, I could not go to the Microsoft Update page (would not display) and my browser was redirected to goofy websites after searches.

I have tried to rerun the OTL and GMER programs as requested but with less than stellar results. I ran them both in normal and safe mode. The OTL would not produce the extra log and GMER hung in normal mode. I will paste the current logs (from Safe Mode) below and am rerunning them both this morning in normal mode while I am at work. Hopefully with different results this time. Here are the current logs.

Thanks again,
Dave

OTL:
OTL logfile created on: 5/4/2010 9:41:50 PM - Run 4
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 33.66 Gb Free Space | 30.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.66 Mb Total Space | 11.64 Mb Free Space | 74.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand | Stopped] -- -- (comHost)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/06 15:23:13 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/29 13:10:24 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/29 13:10:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/08 21:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 13:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 16:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 16:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 15:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/14 13:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 22:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/12/19 13:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/05/02 02:11:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF55FF8B-11D9-4753-A5FD-975E4A4B35D2}\MpKsl35514a4d.sys -- (MpKsl35514a4d)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/04/13 12:15:45 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 11:40:12 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/01 18:24:53 | 000,081,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/12/02 17:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 17:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 17:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/12/02 17:06:06 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/28 15:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/10 08:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 08:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 08:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/12 17:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/31 14:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/26 13:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 13:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 13:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 13:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 13:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 13:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 13:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/15 20:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 14:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/18 22:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/19 13:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 11:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 9D 2E 41 1D E8 CA 01 [binary data]
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/18 15:03:05 | 000,391,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13539 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe ()
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3994899645-877071034-1974563477-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1202185633290 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1271572515625 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://72.54.245.186:8050/xplugLiteAL.cab (Gif89 Lite Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13babaa4-e316-11dc-8aee-001e377ee724}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell - "" = AutoRun
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19299411-116a-11dd-8b00-001e377ee724}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73836c29-c4fa-11dd-8b68-001e377ee724}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell - "" = AutoRun
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c921492d-1875-11dd-8b03-001e377ee724}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c921492e-1875-11dd-8b03-001e377ee724}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 21:05:57 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/04/30 16:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/04/30 12:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Malware Fix
[2010/04/29 16:34:08 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lxfyoivq.sys
[2010/04/29 15:58:31 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/04/18 15:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/18 14:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/18 14:45:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 14:45:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 14:45:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 14:45:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 14:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ParetoLogic
[2010/04/18 14:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/04/18 14:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/18 14:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/04/18 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/04/18 13:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/17 22:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Free_TV_Bar
[2010/04/17 19:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/04/17 19:24:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 19:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 19:24:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 19:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/17 19:07:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/17 18:56:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michelle\Recent
[2010/04/15 15:06:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/14 13:27:29 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/14 13:27:11 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/14 13:27:11 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/14 13:26:53 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/14 13:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\PC Tools
[2010/04/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/14 13:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Downloads
[2010/04/14 13:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\GetRightToGo
[2010/04/14 13:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Office Genuine Advantage
[2010/04/12 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/12 14:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/10 19:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/10 19:08:07 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/10 19:08:07 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/10 19:08:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/10 19:08:04 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/10 19:08:01 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/10 19:08:01 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/10 19:08:00 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/10 19:07:25 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/10 19:07:25 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/10 19:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/10 19:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/08 15:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 15:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/08 15:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\PriceGong
[2010/04/08 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/08 15:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Conduit
[2010/04/08 15:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Free_TV_Bar
[2010/04/08 15:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Free_TV_Bar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/04 21:40:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 21:39:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:15:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/04 21:04:07 | 000,027,519 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\OTL logfile created on.docx
[2010/05/04 20:58:06 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/05/04 20:56:44 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/05/04 20:56:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/04 20:54:59 | 000,042,674 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/04 20:52:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\WavXMapDrive.bat
[2010/05/04 20:51:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 20:51:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/04 20:51:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 20:38:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys8FE2AE68
[2010/05/04 20:18:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys1B9E48F5
[2010/05/04 18:18:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys78A0290F
[2010/05/04 17:59:23 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys60B58F4B
[2010/05/04 17:00:02 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/05/04 15:28:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys49094E35
[2010/05/04 12:48:07 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys33A5C144
[2010/05/04 10:46:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysC5EC6E02
[2010/05/04 10:27:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 10:16:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys0AEF8D71
[2010/05/04 09:05:09 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys8A65FF5D
[2010/05/04 08:34:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys1D06353A
[2010/05/04 02:50:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys0A7CB3E0
[2010/05/04 00:28:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysF71226C6
[2010/05/03 23:17:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys54D31656
[2010/05/03 20:45:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysCBB327FB
[2010/05/03 20:24:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys12F97616
[2010/05/03 16:51:50 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys7BFD1BCB
[2010/05/03 08:00:38 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysB7013F2B
[2010/05/03 05:10:01 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysF737E36F
[2010/05/03 00:39:05 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys45194E0F
[2010/05/03 00:29:03 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys3637FC13
[2010/05/02 23:58:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys2550260E
[2010/05/02 23:29:15 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys6E168CD1
[2010/05/02 22:28:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysC0395EB9
[2010/05/02 11:54:51 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/05/01 22:17:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/01 00:39:02 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/30 13:00:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/04/30 12:49:20 | 000,525,824 | ---- | M] () -- C:\dds.scr
[2010/04/29 22:04:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/04/29 17:32:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/04/29 16:34:09 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lxfyoivq.sys
[2010/04/29 16:34:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\kbdclass.sysC6EA1355
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 15:07:39 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/18 15:03:05 | 000,391,944 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/18 14:08:48 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic Privacy Controls.lnk
[2010/04/18 14:08:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{909B82F6-4B2E-11DF-8BC0-001E377EE724}.job
[2010/04/18 13:50:16 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/04/18 05:20:29 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/17 23:43:56 | 000,006,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/17 23:15:44 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/17 23:00:12 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/17 19:24:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 19:10:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:10:15 | 000,000,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\JH40y5L
[2010/04/17 18:50:30 | 000,530,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/17 18:50:30 | 000,447,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/17 18:50:30 | 000,073,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/14 13:15:48 | 000,010,155 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Pot Roast.docx
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/12 14:13:16 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/10 19:07:09 | 000,013,806 | -HS- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\N33N
[2010/04/10 19:07:09 | 000,013,806 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N33N
[2010/04/10 18:24:51 | 000,385,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-150305.backup
[2010/04/08 14:44:29 | 000,060,720 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 21:04:07 | 000,027,519 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\OTL logfile created on.docx
[2010/05/04 20:38:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys8FE2AE68
[2010/05/04 20:18:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys1B9E48F5
[2010/05/04 18:18:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys78A0290F
[2010/05/04 17:59:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys60B58F4B
[2010/05/04 15:28:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys49094E35
[2010/05/04 12:48:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys33A5C144
[2010/05/04 10:46:43 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysC5EC6E02
[2010/05/04 10:16:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys0AEF8D71
[2010/05/04 09:05:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys8A65FF5D
[2010/05/04 08:34:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys1D06353A
[2010/05/04 02:50:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys0A7CB3E0
[2010/05/04 00:28:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysF71226C6
[2010/05/03 23:17:13 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys54D31656
[2010/05/03 20:45:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysCBB327FB
[2010/05/03 20:24:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys12F97616
[2010/05/03 16:51:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys7BFD1BCB
[2010/05/03 08:00:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysB7013F2B
[2010/05/03 05:10:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysF737E36F
[2010/05/03 00:39:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys45194E0F
[2010/05/03 00:29:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys3637FC13
[2010/05/02 23:58:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys2550260E
[2010/05/02 23:29:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sys6E168CD1
[2010/05/02 22:28:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Kbdclass.sysC0395EB9
[2010/04/30 16:26:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\gmer.exe
[2010/04/30 13:07:45 | 000,525,824 | ---- | C] () -- C:\dds.scr
[2010/04/30 13:00:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/04/29 16:34:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sysC6EA1355
[2010/04/18 15:12:55 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/18 15:07:39 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/18 14:08:48 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic Privacy Controls.lnk
[2010/04/18 14:08:46 | 000,000,424 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/18 14:08:42 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{909B82F6-4B2E-11DF-8BC0-001E377EE724}.job
[2010/04/18 13:50:24 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/04/18 13:50:23 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/04/18 13:50:20 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/04/18 13:50:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/04/18 05:20:29 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/17 23:43:08 | 000,006,956 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\58G3tyIDc
[2010/04/17 23:43:08 | 000,006,956 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2010/04/17 23:00:12 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/17 19:24:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 19:10:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/17 19:10:14 | 000,000,840 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L
[2010/04/17 19:10:14 | 000,000,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\JH40y5L
[2010/04/14 13:27:29 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/14 13:27:11 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/14 13:27:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/14 13:26:53 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/14 13:15:47 | 000,010,155 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Pot Roast.docx
[2010/04/12 14:44:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/11 17:28:49 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\N8NHc
[2010/04/11 16:58:28 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/11 16:58:28 | 000,013,446 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\N8NHc
[2010/04/10 18:06:21 | 000,013,806 | -HS- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\N33N
[2010/04/10 18:06:21 | 000,013,806 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N33N
[2010/04/08 14:44:29 | 000,060,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/05/27 15:48:39 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/07 22:31:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4d.DLL
[2008/02/04 22:52:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/01/29 13:13:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/29 13:10:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/01/29 13:03:27 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/29 13:03:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/29 12:52:57 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/01/29 12:50:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/01/29 12:50:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/01/29 12:20:46 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/29 12:20:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/29 12:20:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/29 12:20:45 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/29 12:19:03 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 13:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 13:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 13:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 13:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 13:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 13:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 13:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 13:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 13:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 13:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 13:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 14:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 14:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 14:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 14:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 14:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 14:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 14:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 14:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 14:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 14:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 08:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 09:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 10:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 22:15:54 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2004/08/03 21:59:08 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\serenum.sys
[2004/07/20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/04/24 20:05:03 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 604 bytes -> C:\WINDOWS\System32\drivers\lxfyoivq.sys:changelist
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >




#5 Elise

Posted 05 May 2010 - 08:17 AM

Please try to run GMER with only the Sections option checked. This will shorten the scan time and make it easier to run.

Rerun OTL and make sure under "extra registry" use safelist is checked. Run the scan and now it will produce extra.txt (no need to post otl.txt again).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#6 malibuskier

Posted 05 May 2010 - 08:25 AM

OK. I will do it on my lunch break and post the results.

Dave


#7 Elise

Posted 05 May 2010 - 09:00 AM

Okay Dave, I'll wait for that.

regards, Elise


#8 malibuskier

Posted 05 May 2010 - 03:48 PM

Here is the extra log:

Extra:
OTL Extras logfile created on: 5/5/2010 12:51:02 PM - Run 5
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 31.65 Gb Free Space | 28.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.66 Mb Total Space | 11.64 Mb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 1.59 Gb Free Space | 82.75% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITCH
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}" = ParetoLogic Privacy Controls
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5783F2D7-6007-0409-0002-0060B0CE6BBA}" = AutoCAD Electrical 2008
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoCAD Electrical 2008" = AutoCAD Electrical 2008
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"avast5" = avast! Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"CANONBJ_Deinstall_CNMCP4d.DLL" = Canon i950
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DiskDirector" = Acronis Disk Director Suite
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RegCure" = RegCure
"SearchAssist" = SearchAssist
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 11:55:09 PM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/5/2010 8:28:24 AM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 5/5/2010 8:31:21 AM | Computer Name = MITCH | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 4340 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 5/5/2010 8:31:21 AM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/5/2010 8:31:46 AM | Computer Name = MITCH | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 5/5/2010 8:33:36 AM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 5/5/2010 3:36:42 PM | Computer Name = MITCH | Source = Google Update | ID = 20
Description =

Error - 5/5/2010 3:39:13 PM | Computer Name = MITCH | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 4372 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 5/5/2010 3:39:13 PM | Computer Name = MITCH | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 5/5/2010 3:41:22 PM | Computer Name = MITCH | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/28/2009 2:31:22 AM | Computer Name = MITCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 816
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/2/2010 2:53:02 PM | Computer Name = MITCH | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 5/2/2010 2:53:31 PM | Computer Name = MITCH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Mail Scanner service.

Error - 5/2/2010 2:53:32 PM | Computer Name = MITCH | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 5/2/2010 2:54:50 PM | Computer Name = MITCH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/2/2010 2:54:50 PM | Computer Name = MITCH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/2/2010 2:55:14 PM | Computer Name = MITCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SRTSPX SYMTDI

Error - 5/2/2010 3:05:30 PM | Computer Name = MITCH | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.681.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 5/2/2010 3:13:02 PM | Computer Name = MITCH | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.681.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 5/2/2010 3:13:38 PM | Computer Name = MITCH | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.681.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 5/2/2010 5:01:15 PM | Computer Name = MITCH | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{831A20B3-6DA4-4F98-B9C6-FCE5C6633582}. The
backup browser is stopping.


< End of report >


Here is the GMER with only the sections box checked:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 12:50:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Michelle\LOCALS~1\Temp\fxtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F55380, 0x2F2807, 0xE8000020]

---- EOF - GMER 1.0.15 ----


Here is a GMER log I ran in Safe Mode:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 05:25:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Michelle\LOCALS~1\Temp\fxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF743BE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF741CCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF741CECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF743C610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF743C8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF743AB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF743CD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF743C0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF741C982]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C
.text C:\WINDOWS\Explorer.EXE[960] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D0000A
.text C:\WINDOWS\Explorer.EXE[960] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C5000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




#9 Elise


Posted 06 May 2010 - 02:09 AM

Hello again,

I notice the presence of RegCure Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners for several reasons.

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#10 malibuskier


Posted 06 May 2010 - 07:57 PM

Here is the log:

ComboFix 10-05-05.0D - Michelle 05/06/2010 13:15:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1467 [GMT -7:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michelle\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Internet Explorer\SETD9.tmp
c:\windows\system32\41.exe
c:\windows\system32\ES15.exe
c:\windows\system32\helpers32.dll
c:\windows\system32\warnings.html

Infected copy of c:\windows\system32\drivers\Kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-05 19:48 . 2010-05-05 19:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-30 23:56 . 2010-04-30 23:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-04-30 20:07 . 2010-04-30 19:49 525824 ----a-w- C:\dds.scr
2010-04-29 23:34 . 2010-04-29 23:34 30784 ----a-w- c:\windows\system32\drivers\lxfyoivq.sys
2010-04-29 22:58 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-18 22:07 . 2010-04-18 22:07 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-18 21:45 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\ParetoLogic
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\program files\ParetoLogic
2010-04-18 20:50 . 2010-04-18 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-04-18 20:50 . 2010-04-18 20:58 -------- d-----w- c:\program files\RegCure
2010-04-18 05:17 . 2010-04-18 05:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Free_TV_Bar
2010-04-18 02:24 . 2010-04-18 02:24 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes
2010-04-18 02:24 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 02:24 . 2010-04-18 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-18 02:24 . 2010-04-30 04:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 02:24 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 02:10 . 2010-04-18 02:10 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-18 02:07 . 2010-04-18 02:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-04-14 20:27 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-14 20:27 . 2009-10-06 23:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-14 20:27 . 2009-09-23 23:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-14 20:26 . 2010-02-05 16:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-14 20:26 . 2010-04-14 20:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-14 20:26 . 2010-05-06 19:58 -------- d-----w- c:\program files\Spyware Doctor
2010-04-14 20:26 . 2010-04-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-14 20:26 . 2010-04-14 20:26 -------- d-----w- c:\documents and settings\Michelle\Application Data\PC Tools
2010-04-14 20:16 . 2010-04-14 20:25 -------- d-----w- c:\documents and settings\Michelle\Application Data\GetRightToGo
2010-04-14 20:08 . 2010-04-14 20:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\Office Genuine Advantage
2010-04-12 21:44 . 2010-04-12 21:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-12 21:44 . 2010-05-04 17:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-11 02:08 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-11 02:08 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-11 02:08 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-11 02:08 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-11 02:08 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-11 02:08 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-11 02:08 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-11 02:07 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-11 02:07 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-11 02:07 . 2010-04-11 02:07 -------- d-----w- c:\program files\Alwil Software
2010-04-11 02:07 . 2010-04-11 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-08 22:26 . 2010-04-30 23:20 -------- d-----w- c:\documents and settings\Michelle\Application Data\PriceGong
2010-04-08 22:26 . 2010-04-08 22:26 -------- d-----w- c:\program files\Conduit
2010-04-08 22:26 . 2010-04-08 22:26 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Conduit
2010-04-08 22:26 . 2010-04-08 22:26 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Free_TV_Bar
2010-04-08 22:26 . 2010-04-30 04:00 -------- d-----w- c:\program files\Free_TV_Bar
2010-04-08 21:44 . 2010-04-08 21:44 60720 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:34 . 2008-04-02 03:30 -------- d-----w- c:\documents and settings\Michelle\Application Data\OpenOffice.org2
2010-05-06 20:32 . 2008-02-05 04:24 0 ----a-w- c:\documents and settings\Michelle\Local Settings\Application Data\WavXMapDrive.bat
2010-05-06 19:59 . 2008-05-23 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-06 19:58 . 2008-08-01 02:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 03:50 . 2004-08-04 04:58 24576 ----a-w- c:\windows\system32\drivers\Kbdclass.sys
2010-05-05 03:38 . 2010-05-05 03:38 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys8FE2AE68
2010-05-05 03:18 . 2010-05-05 03:18 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys1B9E48F5
2010-05-05 01:18 . 2010-05-05 01:18 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys78A0290F
2010-05-05 00:59 . 2010-05-05 00:59 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys60B58F4B
2010-05-04 22:28 . 2010-05-04 22:28 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys49094E35
2010-05-04 19:48 . 2010-05-04 19:48 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys33A5C144
2010-05-04 17:46 . 2010-05-04 17:46 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysC5EC6E02
2010-05-04 17:16 . 2010-05-04 17:16 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys0AEF8D71
2010-05-04 16:05 . 2010-05-04 16:05 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys8A65FF5D
2010-05-04 15:34 . 2010-05-04 15:34 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys1D06353A
2010-05-04 09:50 . 2010-05-04 09:50 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys0A7CB3E0
2010-05-04 07:28 . 2010-05-04 07:28 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysF71226C6
2010-05-04 06:17 . 2010-05-04 06:17 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys54D31656
2010-05-04 03:45 . 2010-05-04 03:45 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysCBB327FB
2010-05-04 03:24 . 2010-05-04 03:24 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys12F97616
2010-05-03 23:51 . 2010-05-03 23:51 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys7BFD1BCB
2010-05-03 15:00 . 2010-05-03 15:00 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysB7013F2B
2010-05-03 12:10 . 2010-05-03 12:10 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysF737E36F
2010-05-03 07:39 . 2010-05-03 07:39 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys45194E0F
2010-05-03 07:29 . 2010-05-03 07:29 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys3637FC13
2010-05-03 06:58 . 2010-05-03 06:58 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys2550260E
2010-05-03 06:29 . 2010-05-03 06:29 24576 ------w- c:\windows\system32\drivers\Kbdclass.sys6E168CD1
2010-05-03 05:28 . 2010-05-03 05:28 24576 ------w- c:\windows\system32\drivers\Kbdclass.sysC0395EB9
2010-04-29 23:34 . 2010-04-29 23:34 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sysC6EA1355
2010-04-18 21:53 . 2008-08-01 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-18 21:53 . 2008-08-01 02:07 -------- d-----w- c:\program files\SpywareBlaster
2010-04-18 21:45 . 2008-01-29 19:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-18 21:45 . 2008-01-29 19:41 -------- d-----w- c:\program files\Java
2010-04-18 19:58 . 2009-04-12 01:33 -------- d-----w- c:\program files\Windows Live
2010-04-18 12:19 . 2008-01-29 20:10 -------- d-----w- c:\program files\Google
2010-04-18 01:52 . 2008-01-29 20:03 -------- d-----w- c:\program files\Roxio
2010-04-18 01:51 . 2008-02-05 07:58 -------- d-----w- c:\program files\Yahoo!
2010-04-18 00:20 . 2008-01-29 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-08 22:41 . 2008-02-07 05:27 -------- d-----w- c:\documents and settings\Michelle\Application Data\Move Networks
2010-03-10 06:15 . 2004-08-11 23:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-11 23:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 14:08 . 2004-08-11 23:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0729639-d831-46c9-811b-9b0aa79fb45a}]
2010-04-30 04:00 2393184 ----a-w- c:\program files\Free_TV_Bar\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a0729639-d831-46c9-811b-9b0aa79fb45a}"= "c:\program files\Free_TV_Bar\tbFre1.dll" [2010-04-30 2393184]

[HKEY_CLASSES_ROOT\clsid\{a0729639-d831-46c9-811b-9b0aa79fb45a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A0729639-D831-46C9-811B-9B0AA79FB45A}"= "c:\program files\Free_TV_Bar\tbFre1.dll" [2010-04-30 2393184]

[HKEY_CLASSES_ROOT\clsid\{a0729639-d831-46c9-811b-9b0aa79fb45a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2009-02-19 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Michelle\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-12 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-29 50688]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/14/2010 1:27 PM 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2010 7:08 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2010 7:08 PM 19024]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
S1 MpKsl35514a4d;MpKsl35514a4d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF55FF8B-11D9-4753-A5FD-975E4A4B35D2}\MpKsl35514a4d.sys [5/2/2010 2:11 AM 28752]
S1 wppirsun;wppirsun;\??\c:\windows\system32\drivers\wppirsun.sys --> c:\windows\system32\drivers\wppirsun.sys [?]
S1 wrmrofut;wrmrofut;\??\c:\windows\system32\drivers\wrmrofut.sys --> c:\windows\system32\drivers\wrmrofut.sys [?]
S1 wtdjdqid;wtdjdqid;\??\c:\windows\system32\drivers\wtdjdqid.sys --> c:\windows\system32\drivers\wtdjdqid.sys [?]
S1 wtvacvzb;wtvacvzb;\??\c:\windows\system32\drivers\wtvacvzb.sys --> c:\windows\system32\drivers\wtvacvzb.sys [?]
S1 wwkfrcbb;wwkfrcbb;\??\c:\windows\system32\drivers\wwkfrcbb.sys --> c:\windows\system32\drivers\wwkfrcbb.sys [?]
S1 xbldeneb;xbldeneb;\??\c:\windows\system32\drivers\xbldeneb.sys --> c:\windows\system32\drivers\xbldeneb.sys [?]
S1 xcigjhyz;xcigjhyz;\??\c:\windows\system32\drivers\xcigjhyz.sys --> c:\windows\system32\drivers\xcigjhyz.sys [?]
S1 xfmnmwpo;xfmnmwpo;\??\c:\windows\system32\drivers\xfmnmwpo.sys --> c:\windows\system32\drivers\xfmnmwpo.sys [?]
S1 xoyuvtlo;xoyuvtlo;\??\c:\windows\system32\drivers\xoyuvtlo.sys --> c:\windows\system32\drivers\xoyuvtlo.sys [?]
S1 xsoebmem;xsoebmem;\??\c:\windows\system32\drivers\xsoebmem.sys --> c:\windows\system32\drivers\xsoebmem.sys [?]
S1 xukuglfx;xukuglfx;\??\c:\windows\system32\drivers\xukuglfx.sys --> c:\windows\system32\drivers\xukuglfx.sys [?]
S1 ybgxjqjd;ybgxjqjd;\??\c:\windows\system32\drivers\ybgxjqjd.sys --> c:\windows\system32\drivers\ybgxjqjd.sys [?]
S1 yecpfadc;yecpfadc;\??\c:\windows\system32\drivers\yecpfadc.sys --> c:\windows\system32\drivers\yecpfadc.sys [?]
S1 yesmmltm;yesmmltm;\??\c:\windows\system32\drivers\yesmmltm.sys --> c:\windows\system32\drivers\yesmmltm.sys [?]
S1 ygnspvos;ygnspvos;\??\c:\windows\system32\drivers\ygnspvos.sys --> c:\windows\system32\drivers\ygnspvos.sys [?]
S1 ymnsqtoz;ymnsqtoz;\??\c:\windows\system32\drivers\ymnsqtoz.sys --> c:\windows\system32\drivers\ymnsqtoz.sys [?]
S1 yobailmm;yobailmm;\??\c:\windows\system32\drivers\yobailmm.sys --> c:\windows\system32\drivers\yobailmm.sys [?]
S1 ypvvjant;ypvvjant;\??\c:\windows\system32\drivers\ypvvjant.sys --> c:\windows\system32\drivers\ypvvjant.sys [?]
S1 yqdeoyua;yqdeoyua;\??\c:\windows\system32\drivers\yqdeoyua.sys --> c:\windows\system32\drivers\yqdeoyua.sys [?]
S1 yqiygukj;yqiygukj;\??\c:\windows\system32\drivers\yqiygukj.sys --> c:\windows\system32\drivers\yqiygukj.sys [?]
S1 yutjubgp;yutjubgp;\??\c:\windows\system32\drivers\yutjubgp.sys --> c:\windows\system32\drivers\yutjubgp.sys [?]
S1 yuxqivpi;yuxqivpi;\??\c:\windows\system32\drivers\yuxqivpi.sys --> c:\windows\system32\drivers\yuxqivpi.sys [?]
S1 zjjaxqnu;zjjaxqnu;\??\c:\windows\system32\drivers\zjjaxqnu.sys --> c:\windows\system32\drivers\zjjaxqnu.sys [?]
S1 zjmtdqbc;zjmtdqbc;\??\c:\windows\system32\drivers\zjmtdqbc.sys --> c:\windows\system32\drivers\zjmtdqbc.sys [?]
S1 zkmfcpcb;zkmfcpcb;\??\c:\windows\system32\drivers\zkmfcpcb.sys --> c:\windows\system32\drivers\zkmfcpcb.sys [?]
S1 zmdhmrwh;zmdhmrwh;\??\c:\windows\system32\drivers\zmdhmrwh.sys --> c:\windows\system32\drivers\zmdhmrwh.sys [?]
S1 znpxpaul;znpxpaul;\??\c:\windows\system32\drivers\znpxpaul.sys --> c:\windows\system32\drivers\znpxpaul.sys [?]
S1 zpchuwir;zpchuwir;\??\c:\windows\system32\drivers\zpchuwir.sys --> c:\windows\system32\drivers\zpchuwir.sys [?]
S1 zpscoqns;zpscoqns;\??\c:\windows\system32\drivers\zpscoqns.sys --> c:\windows\system32\drivers\zpscoqns.sys [?]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/17/2010 7:24 PM 38224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/17/2010 11:00 PM 365280]
S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/14/2010 1:27 PM 233136]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/14/2010 1:26 PM 70408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2010-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 00:14]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:59]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:59]

2010-04-18 c:\windows\Tasks\ParetoLogic Privacy Controls_{909B82F6-4B2E-11DF-8BC0-001E377EE724}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

2010-05-01 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-05-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-05-06 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-05-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080129
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://72.54.245.186:8050/xplugLiteAL.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1772)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll

- - - - - - - > 'lsass.exe'(1828)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'Explorer.exe'(6040)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-06 13:41:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 20:41

Pre-Run: 34,305,216,512 bytes free
Post-Run: 34,960,625,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E8A13F91DF6BDDDED80418692E4B1D77


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:54 AM

Posted 07 May 2010 - 03:18 AM

Hello again,

Could you please let me know if you have been using TDSSKiller or The Avenger to try to clean this infection?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 malibuskier

Posted 07 May 2010 - 07:54 AM

I don't know what either of those programs are. Off the top of my head, I know that the machine has Spybot, Spyware Blaster, Spyware Doctor (I think is the name), Malwareblaster (I think), Windows Defender (I'm guessing) and a very old version of Adaware that has not been run in a while. I removed the Regcleaner program last night. I know the machine used to have Norton Antivirus and AVG but those have been removed. The machine is currently running Avast. Does this help?

Dave


#13 Elise

Posted 07 May 2010 - 11:10 AM

No problem, there are a few very strange lines showing there; that's why I was wondering.

Could you please launch MBAM, update it first and run a full scan. Please post me the results.

regards, Elise


#14 malibuskier

Posted 07 May 2010 - 11:40 AM

I will get it done either this afternoon or tonight...

Dave


#15 Elise

Posted 07 May 2010 - 11:45 AM

Okay Dave, thanks for letting me know :)

regards, Elise