Unknown infection. Items added to Browser History


  • This topic is locked
49 replies to this topic

#31 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:11 PM

Posted 25 May 2010 - 01:33 AM

Hi,

Please post a fresh OTL logfile with the same custom scan as here

http://www.bleepingcomputer.com/forums/ind...t&p=1763455

and tell me how the system is running.

Logs looking good, we only have to change one thing.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware


#32 markphx

markphx
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 25 May 2010 - 09:17 PM

The system seems to be running fine. The OTL log is below.

It did "freeze" when I turned it on a few minutes ago. Had to hard boot the system. That is the first time that has happened in a very long time, long before this current problem you've been helping with.

Kaspersky continues to come up with these, they appear to be related to your fixes. Correct?



Infected: Trojan program Rootkit.Win32.TDSS.ap c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp1373\a0120405.sys 109.5 KB

Infected: Trojan program Rootkit.Win32.TDSS.ap C:\WINDOWS\maxdriver\kl1.sys 109.5 KB

Infected: Trojan program Backdoor.Win32.Agent.asgt c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp1379\a0120863.dll 105 KB

Infected: Trojan program Rootkit.Win32.TDSS.ap c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp1371\a0119005.sys 109.5 KB

5/25/2010 6:49:36 PM File c:\documents and settings\linda & mark\desktop\schrauber.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfxxe: detected modification of virus 'Heur.Invader'.

5/25/2010 6:49:39 PM File c:\documents and settings\linda & mark\desktop\schrauber.exe//PE_Patch.UPX/32788R22FWJFW\FileKill.cfxxe: detected modification of virus 'Heur.Invader'.

Infected: Trojan program Rootkit.Win32.TDSS.ap c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp1371\a0119005.sys 109.5 KB



OTL logfile created on: 5/25/2010 6:47:42 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Linda & Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.09 Gb Free Space | 24.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEDROOM
Current User Name: Linda & Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
PRC - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/05 16:04:54 | 001,623,264 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/03/12 10:43:48 | 000,326,792 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfagent.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/27 15:06:54 | 000,753,664 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\sprscore.exe
PRC - [2007/12/09 16:29:58 | 000,434,176 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\rundys32.exe
PRC - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007/05/29 17:57:13 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/18 13:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\stxmenumgr.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/12/09 16:25:04 | 000,131,072 | ---- | M] () -- C:\WINDOWS\winfsysrn.dll
MOD - [2007/06/28 12:51:50 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/06 07:23:48 | 001,095,184 | ---- | M] (SMART Technologies Inc.) [On_Demand | Stopped] -- C:\Program Files\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2004/05/27 01:14:58 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/05/27 01:13:00 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/09 20:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 20:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\urfltw2k.sys -- (f5ipfw)
DRV - [2009/02/04 18:58:15 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (klif)
DRV - [2008/12/16 23:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/16 23:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/16 23:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/28 18:03:28 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\kl1.svs -- (kl1)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys -- (klim5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/08 16:43:36 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/08 16:43:23 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/17 16:05:52 | 000,015,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2006/11/17 16:05:48 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2006/11/17 16:05:46 | 000,122,368 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/08 12:04:56 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 10:54:40 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2002/12/04 17:08:00 | 000,134,304 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys -- (EMATCORE)
DRV - [2002/12/03 10:48:00 | 000,021,504 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys -- (AtlsAud)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapi.sys -- (Asapi)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2009.1010.0301
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2009.1010.0304
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 17:09:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 12:24:31 | 000,000,000 | ---D | M]

[2009/02/02 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Extensions
[2010/05/02 13:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions
[2009/09/05 23:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 16:07:23 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2010/03/16 16:06:06 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/05/02 13:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/17 18:34:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [stezinit] C:\WINDOWS\sprscore.exe (Systems Integration 2)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.cox.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://mcalink.mayo.edu/vdesk/cachecleaner...,2010,0122,2102 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mcalink.mayo.edu/vdesk/terminal/urx...1,2010,125,2117 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT FireWalls Class)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} http://www.imgag.com/cp/install/AxCtp.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mcalink.mayo.edu/vdesk/terminal/f5t...,2009,1204,1610 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mcalink.mayo.edu/vdesk/terminal/Ins...,2009,1204,1613 (F5 Networks Auto Update)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT ProcessesScanner Class)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mcalink.mayo.edu/vdesk/terminal/f5I...,2009,1204,1603 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1144696486296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} http://www.programchecker.com/dll/nixon.cab (Zenturi Active Programs Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://www.imgag.com/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1608 (F5 Networks SuperHost Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} http://vdi.mayo.edu/downloads/VMware-viewclient.cab (VMware_VDM_Client Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1604 (F5 Networks Host Control)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://kc.kyrene.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mcalink.mayo.edu/policy/download_bi...,2010,0125,2111 (F5 Networks OS Policy Agent)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (F5 Networks OPSWAT Helper Control)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/01/06 11:50:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/22 17:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/22 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/05/22 17:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\{3BDEAF49-D872-415F-919C-A2CCC962D8AE}
[2010/05/21 18:49:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/21 18:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/21 18:41:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/19 10:40:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/11 16:56:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/11 16:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/11 16:46:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/11 16:46:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/11 16:46:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/11 16:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 16:40:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/09 10:57:43 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe
[2010/05/09 10:40:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/05/08 22:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Recovery CD
[2010/05/07 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/07 22:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 20:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\gmer
[2010/05/03 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Log files
[2010/05/02 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/02 14:22:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/01 19:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2010/05/01 19:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/01 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/17 12:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 11:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/03/18 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/03/18 13:23:10 | 000,010,752 | ---- | C] (F5 Networks) -- C:\WINDOWS\System32\drivers\urfltw2k.sys
[2010/03/18 13:17:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 13:17:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/13 08:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010/03/13 08:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\VMware
[2010/03/04 18:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\My Documents\Downloads
[2010/02/28 10:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/25 18:50:43 | 000,044,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/25 18:50:04 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/25 18:48:12 | 005,118,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/25 18:44:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/25 18:44:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2010/05/25 18:43:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/25 18:43:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/25 18:43:14 | 1608,568,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 18:43:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/25 18:43:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/05/24 22:31:48 | 000,482,924 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/24 22:31:32 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2010/05/24 22:31:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Linda & Mark\NTUSER.INI
[2010/05/22 18:15:46 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/22 18:15:41 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/21 18:42:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/17 18:35:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 18:34:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/13 07:53:37 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/05/11 16:56:46 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/11 16:28:58 | 003,686,521 | R--- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:38 | 000,296,972 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/02 14:47:40 | 000,002,433 | ---- | M] () -- C:\WINDOWS\dep32ceg.dll
[2010/05/02 14:44:27 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 13:39:35 | 000,129,760 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 13:38:23 | 000,420,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 19:25:03 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/28 21:20:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 15:38:25 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/24 15:18:35 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 18:30:08 | 000,000,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2010/04/17 16:30:11 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/14 18:23:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 17:01:54 | 000,089,408 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\lakewood.jpg
[2010/04/10 15:18:47 | 003,321,880 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\DV_Spring2010.pdf
[2010/04/05 08:04:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/04/03 13:21:59 | 000,000,099 | ---- | M] () -- C:\WINDOWS\phd2dll.INI
[2010/03/25 22:08:11 | 000,023,597 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:47 | 000,001,123 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/19 12:27:37 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2010/03/19 12:15:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/18 14:38:31 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/18 14:38:31 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/18 14:38:29 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 13:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\f5wininfo-1209.INI
[2010/02/26 09:26:56 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 13:29:33 | 1608,568,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/11 16:56:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/11 16:56:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/11 16:46:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/11 16:46:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/11 16:46:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/11 16:46:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/11 16:46:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/11 16:28:58 | 003,686,521 | R--- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:37 | 000,296,972 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:02 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/01 19:25:02 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/24 15:18:34 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 16:30:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/12 18:42:25 | 000,089,408 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\lakewood.jpg
[2010/04/10 15:18:47 | 003,321,880 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\DV_Spring2010.pdf
[2010/04/05 18:29:31 | 000,001,716 | -H-- | C] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/05 08:04:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/03/25 22:08:11 | 000,023,597 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:37 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:15:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/19 12:01:09 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:01:09 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/03/18 13:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5wininfo-1209.INI
[2010/03/17 17:18:11 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2009/08/05 18:39:55 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 18:57:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/30 18:57:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 17:48:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/31 12:30:55 | 000,002,346 | ---- | C] () -- C:\WINDOWS\System32\LXusbpdr.ini
[2008/08/21 21:48:50 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spr32snl.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopb32ul.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopa32ul.dll
[2008/02/11 21:23:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\winfsysrn.dll
[2007/12/02 21:14:57 | 000,002,433 | ---- | C] () -- C:\WINDOWS\dep32ceg.dll
[2007/04/01 17:36:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/02/22 21:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/01 16:57:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/01 16:57:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/28 19:27:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/04/01 15:06:20 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/01 15:06:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/01 15:06:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/17 15:42:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/12/16 11:57:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcf5bf.sys
[2005/09/26 12:53:39 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2005/04/19 20:55:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/31 22:03:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2004/12/27 15:42:36 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw20.ini
[2004/10/12 18:27:27 | 000,000,099 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/07/31 14:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/06/12 19:35:40 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2004/06/12 19:35:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2004/06/12 19:35:39 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2004/06/12 18:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/03/20 20:35:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/10 20:47:52 | 000,010,962 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/18 14:40:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 10:09:13 | 000,000,080 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/01/21 08:51:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/21 08:31:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/01/20 22:34:02 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/01/15 20:48:50 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/01/15 18:52:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/15 18:30:18 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/06 12:51:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/06 12:35:04 | 000,000,176 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/06 12:31:52 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/06 12:13:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/06 12:13:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/06 11:55:42 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 22:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/23 19:36:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/03/23 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2009/03/21 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/10 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2005/05/05 21:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/01/15 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/03/16 10:23:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/11 11:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/03/25 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2010/02/02 22:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/27 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/30 18:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/02/10 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2008/12/31 12:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/09/07 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Aim
[2006/03/09 22:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Alawar
[2007/05/12 16:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\FileOpen
[2010/03/12 21:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\ICAClient
[2006/12/06 19:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Juniper Networks
[2004/03/21 11:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Leadertech
[2009/05/10 11:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Memeo
[2005/10/29 09:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Musicmatch
[2010/05/01 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2007/03/25 21:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SMART Technologies Inc
[2006/10/26 21:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SmartDraw
[2008/08/03 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SPAMfighter
[2007/03/21 20:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Template
[2007/06/29 17:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\maxdriver\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\maxdriver\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/25 18:43:14 | 1608,568,832 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/25 18:43:07 | 805,306,368 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1 >
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"ImagePath" = System32\Drivers\kl1.svs -- [2008/05/28 18:03:28 | 000,112,144 | ---- | M] (Kaspersky Lab)
"DisplayName" = Kl1
"Description" = Kl1
"UseKlim" = klim5
"StartDate" = 5A 76 2F AA 73 FC CA 01 [binary data]
"InData" = CB 1C 00 00 00 00 00 00 [binary data]
"OutData" = 1A 09 00 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\$%&'()*+,-.]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\DropConn]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Security]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Enum]

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3741C791
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
< End of report >




#33 schrauber

Posted 27 May 2010 - 01:51 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :reg
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1]
    "ImagePath"=hex(2):System32\Drivers\kl1.sys
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run OTL with the same custom scan again and post the logfile.
regards,
schrauber

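The check behind the fix in the post above, as an added example that is not part of the thread and is not OTL's own code: it parses OTL `DRV` lines and flags driver services whose image file does not end in `.sys`, which is what the `kl1` entry (`kl1.svs`) in the posted logs shows. The sample lines are copied from the log in this thread; the function names, the severity labels and the ".sys is expected" rule are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: four DRV lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
DRV - [2009/02/04 18:58:15 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (klif)
DRV - [2008/05/28 18:03:28 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\kl1.svs -- (kl1)
DRV - [2008/12/16 23:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
"""

# Layout of a DRV line as it appears in the log:
# DRV - [modified | size | attrs | M] (company) [type | start | state] -- path -- (service)
DRV_LINE = re.compile(
    r"^DRV - \[(?P<modified>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<kind>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] "
    r"-- (?P<path>.+?) -- \((?P<service>[^)]*)\)"
)

# Start types that load early in boot; an odd image path here deserves
# attention first (labelling choice made for this example).
EARLY_START = {"Boot", "System"}


@dataclass
class DriverEntry:
    service: str
    company: str
    kind: str
    start: str
    state: str
    path: PureWindowsPath


def parse_drv_lines(log_text):
    """Return a DriverEntry for every DRV line found in an OTL log."""
    entries = []
    for line in log_text.splitlines():
        m = DRV_LINE.match(line.strip())
        if m is None:
            continue  # not a DRV line (PRC, SRV, O4, headers, ...)
        entries.append(
            DriverEntry(
                service=m["service"],
                company=m["company"].strip(),
                kind=m["kind"],
                start=m["start"],
                state=m["state"],
                path=PureWindowsPath(m["path"]),
            )
        )
    return entries


def flag_unusual_images(entries):
    """Flag drivers whose image file extension is not .sys (heuristic)."""
    findings = []
    for e in entries:
        ext = e.path.suffix.lower()
        if ext == ".sys":
            continue
        severity = "high" if e.start in EARLY_START else "review"
        findings.append((e.service, str(e.path), ext, severity))
    return findings


if __name__ == "__main__":
    for service, path, ext, severity in flag_unusual_images(parse_drv_lines(SAMPLE_LOG)):
        print(f"[{severity}] service {service}: image {path} has extension {ext}")
```

A hit from this heuristic is a prompt to compare the service's `ImagePath` with the vendor's expected file, not a verdict on its own.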

#34 markphx

Posted 27 May 2010 - 09:14 PM

Tom,

Sorry for dragging this out, but I want to be careful.

1. I ran the fix in OTL but it froze up (see below) and was inactive for about 30 minutes. I stopped OTL with Task Manager.

I wanted to tell you before trying again.

2. When you say to run OTL with the same custom scan after doing the fix above, do you mean this scan

http://www.bleepingcomputer.com/forums/ind...t&p=1763455

or repeat the most recent fix that you had me run (see #1) a second time?

Thanks.






#35 schrauber

Posted 28 May 2010 - 10:11 PM

Please do not try it again, just run OTL scan again with the custom scan you linked to :)
regards,
schrauber


#36 markphx

Posted 29 May 2010 - 12:29 AM

Here's the scan log.


OTL logfile created on: 5/28/2010 9:44:38 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Linda & Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 17.91 Gb Free Space | 24.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEDROOM
Current User Name: Linda & Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
PRC - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/05 16:04:54 | 001,623,264 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/03/12 10:43:48 | 000,326,792 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfagent.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/27 15:06:54 | 000,753,664 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\sprscore.exe
PRC - [2007/12/09 16:29:58 | 000,434,176 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\rundys32.exe
PRC - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007/05/29 17:57:13 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/18 13:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\stxmenumgr.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/12/09 16:25:04 | 000,131,072 | ---- | M] () -- C:\WINDOWS\winfsysrn.dll
MOD - [2007/06/28 12:51:50 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/06 07:23:48 | 001,095,184 | ---- | M] (SMART Technologies Inc.) [On_Demand | Stopped] -- C:\Program Files\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2004/05/27 01:14:58 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/05/27 01:13:00 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/09 20:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 20:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\urfltw2k.sys -- (f5ipfw)
DRV - [2009/02/04 18:58:15 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (klif)
DRV - [2008/12/16 23:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/16 23:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/16 23:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/28 18:03:28 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\kl1.svs -- (kl1)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys -- (klim5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/08 16:43:36 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/08 16:43:23 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/17 16:05:52 | 000,015,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2006/11/17 16:05:48 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2006/11/17 16:05:46 | 000,122,368 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/08 12:04:56 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 10:54:40 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2002/12/04 17:08:00 | 000,134,304 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys -- (EMATCORE)
DRV - [2002/12/03 10:48:00 | 000,021,504 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys -- (AtlsAud)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapi.sys -- (Asapi)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2009.1010.0301
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2009.1010.0304
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 17:09:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 12:24:31 | 000,000,000 | ---D | M]

[2009/02/02 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Extensions
[2010/05/02 13:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions
[2009/09/05 23:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 16:07:23 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2010/03/16 16:06:06 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/05/02 13:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/17 18:34:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [stezinit] C:\WINDOWS\sprscore.exe (Systems Integration 2)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.cox.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://mcalink.mayo.edu/vdesk/cachecleaner...,2010,0122,2102 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mcalink.mayo.edu/vdesk/terminal/urx...1,2010,125,2117 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT FireWalls Class)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} http://www.imgag.com/cp/install/AxCtp.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mcalink.mayo.edu/vdesk/terminal/f5t...,2009,1204,1610 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mcalink.mayo.edu/vdesk/terminal/Ins...,2009,1204,1613 (F5 Networks Auto Update)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT ProcessesScanner Class)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mcalink.mayo.edu/vdesk/terminal/f5I...,2009,1204,1603 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1144696486296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} http://www.programchecker.com/dll/nixon.cab (Zenturi Active Programs Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://www.imgag.com/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1608 (F5 Networks SuperHost Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} http://vdi.mayo.edu/downloads/VMware-viewclient.cab (VMware_VDM_Client Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1604 (F5 Networks Host Control)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://kc.kyrene.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mcalink.mayo.edu/policy/download_bi...,2010,0125,2111 (F5 Networks OS Policy Agent)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (F5 Networks OPSWAT Helper Control)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/01/06 11:50:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/22 17:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/22 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/05/22 17:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\{3BDEAF49-D872-415F-919C-A2CCC962D8AE}
[2010/05/21 18:49:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/21 18:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/21 18:41:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/19 10:40:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/11 16:56:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/11 16:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/11 16:46:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/11 16:46:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/11 16:46:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/11 16:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 16:40:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/09 10:57:43 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe
[2010/05/09 10:40:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/05/08 22:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Recovery CD
[2010/05/07 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/07 22:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 20:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\gmer
[2010/05/03 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Log files
[2010/05/02 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/02 14:22:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/01 19:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2010/05/01 19:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/01 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/17 12:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 11:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/03/18 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/03/18 13:23:10 | 000,010,752 | ---- | C] (F5 Networks) -- C:\WINDOWS\System32\drivers\urfltw2k.sys
[2010/03/18 13:17:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 13:17:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/13 08:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010/03/13 08:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\VMware
[2010/03/04 18:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\My Documents\Downloads
[2010/02/28 10:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/28 21:46:16 | 000,030,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/28 21:45:58 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/28 21:44:57 | 005,124,640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/28 17:39:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/28 17:37:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2010/05/28 17:36:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 17:36:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/28 17:36:49 | 1608,568,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/28 17:36:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/28 17:36:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/05/28 06:29:33 | 000,483,452 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/28 06:29:27 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2010/05/28 06:29:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Linda & Mark\NTUSER.INI
[2010/05/26 21:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/23 18:04:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/22 18:15:46 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/22 18:15:41 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/21 18:42:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/17 18:35:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 18:34:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/13 07:53:37 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/05/11 16:56:46 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/11 16:28:58 | 003,686,521 | R--- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:38 | 000,296,972 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/02 14:47:40 | 000,002,433 | ---- | M] () -- C:\WINDOWS\dep32ceg.dll
[2010/05/02 14:44:27 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 13:39:35 | 000,129,760 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 13:38:23 | 000,420,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 19:25:03 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 15:38:25 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/24 15:18:35 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 18:30:08 | 000,000,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2010/04/17 16:30:11 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/12 17:01:54 | 000,089,408 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\lakewood.jpg
[2010/04/10 15:18:47 | 003,321,880 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\DV_Spring2010.pdf
[2010/04/05 08:04:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/04/03 13:21:59 | 000,000,099 | ---- | M] () -- C:\WINDOWS\phd2dll.INI
[2010/03/25 22:08:11 | 000,023,597 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:47 | 000,001,123 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/19 12:27:37 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2010/03/19 12:15:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/18 14:38:31 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/18 14:38:31 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/18 14:38:29 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 13:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\f5wininfo-1209.INI
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 13:29:33 | 1608,568,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/11 16:56:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/11 16:56:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/11 16:46:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/11 16:46:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/11 16:46:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/11 16:46:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/11 16:46:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/11 16:28:58 | 003,686,521 | R--- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:37 | 000,296,972 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:02 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/01 19:25:02 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/24 15:18:34 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 16:30:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/12 18:42:25 | 000,089,408 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\lakewood.jpg
[2010/04/10 15:18:47 | 003,321,880 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\DV_Spring2010.pdf
[2010/04/05 18:29:31 | 000,001,716 | -H-- | C] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/05 08:04:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/03/25 22:08:11 | 000,023,597 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:37 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:15:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/19 12:01:09 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:01:09 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/03/18 13:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5wininfo-1209.INI
[2010/03/17 17:18:11 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2009/08/05 18:39:55 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 18:57:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/30 18:57:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 17:48:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/31 12:30:55 | 000,002,346 | ---- | C] () -- C:\WINDOWS\System32\LXusbpdr.ini
[2008/08/21 21:48:50 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spr32snl.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopb32ul.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopa32ul.dll
[2008/02/11 21:23:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\winfsysrn.dll
[2007/12/02 21:14:57 | 000,002,433 | ---- | C] () -- C:\WINDOWS\dep32ceg.dll
[2007/04/01 17:36:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/02/22 21:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/01 16:57:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/01 16:57:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/28 19:27:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/04/01 15:06:20 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/01 15:06:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/01 15:06:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/17 15:42:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/12/16 11:57:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcf5bf.sys
[2005/09/26 12:53:39 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2005/04/19 20:55:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/31 22:03:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2004/12/27 15:42:36 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw20.ini
[2004/10/12 18:27:27 | 000,000,099 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/07/31 14:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/06/12 19:35:40 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2004/06/12 19:35:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2004/06/12 19:35:39 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2004/06/12 18:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/03/20 20:35:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/10 20:47:52 | 000,010,962 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/18 14:40:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 10:09:13 | 000,000,080 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/01/21 08:51:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/21 08:31:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/01/20 22:34:02 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/01/15 20:48:50 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/01/15 18:52:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/15 18:30:18 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/06 12:51:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/06 12:35:04 | 000,000,176 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/06 12:31:52 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/06 12:13:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/06 12:13:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/06 11:55:42 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 22:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/23 19:36:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/03/23 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2009/03/21 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/10 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2005/05/05 21:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/01/15 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/03/16 10:23:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/11 11:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/03/25 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2010/02/02 22:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/27 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/30 18:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/02/10 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2008/12/31 12:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/09/07 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Aim
[2006/03/09 22:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Alawar
[2007/05/12 16:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\FileOpen
[2010/03/12 21:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\ICAClient
[2006/12/06 19:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Juniper Networks
[2004/03/21 11:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Leadertech
[2009/05/10 11:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Memeo
[2005/10/29 09:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Musicmatch
[2010/05/01 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2007/03/25 21:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SMART Technologies Inc
[2006/10/26 21:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SmartDraw
[2008/08/03 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SPAMfighter
[2007/03/21 20:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Template
[2007/06/29 17:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\maxdriver\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\maxdriver\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/28 17:36:49 | 1608,568,832 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/28 17:36:41 | 805,306,368 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1 >
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"ImagePath" = System32\Drivers\kl1.svs -- [2008/05/28 18:03:28 | 000,112,144 | ---- | M] (Kaspersky Lab)
"DisplayName" = Kl1
"Description" = Kl1
"UseKlim" = klim5
"StartDate" = D4 DC A1 01 C7 FE CA 01 [binary data]
"InData" = 26 25 01 00 00 00 00 00 [binary data]
"OutData" = 1A A0 01 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\$%&'()*+,-.]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\DropConn]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Security]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Enum]

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3741C791
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
< End of report >


#37 schrauber

Posted 29 May 2010 - 10:24 AM


Hi,

OK! Let's do the following manually.

Start >> Run >> type regedit and press Enter. The Registry Editor should then open. Navigate to and expand the following entry and click on atapi in the left pane.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl1

Double-click the Image Path in the right pane; the Edit String window should open. Please edit system32\drivers\kl1.svs to system32\DRIVERS\kl1.sys

The right one should be system32\DRIVERS\kl1.sys. Click OK, restart your PC, and recheck whether the Image Path data is the right one.


Please post a fresh OTL logfile with the same custom scan again.


regards,
schrauber


#38 markphx


Posted 29 May 2010 - 12:50 PM

Hello.

I cannot find this entry.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl1

It does appear under ControlSet002, ControlSet4 and CurrentControlSet (all with the .svs extension). I did not edit those entries.


Also, I am not clear as to what point to click on atapi.

Thank you.




#39 schrauber


Posted 31 May 2010 - 02:50 PM

Sorry,

Please change HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\kl1 to Imagepath: kl1.sys.

Reboot and post back with a fresh OTL logfile with the same custom scan as the last time.
regards,
schrauber


#40 markphx


Posted 31 May 2010 - 03:17 PM

Tried to change the ImagePath here HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\kl1 from system32\drivers\kl1.svs to system32\drivers\kl1.sys but got this error:




Rebooted the PC and the .svs imagepath is still there.

I have not yet run a fresh OTL scan.


#41 schrauber


Posted 01 June 2010 - 03:36 PM

Please do the same with ControlSet002 and let me know if it worked.
regards,
schrauber


#42 markphx


Posted 01 June 2010 - 08:03 PM

Unfortunately it did not work. I also tried it in ControlSet004, also did not work.

It appears that this is something related to Kaspersky AV, correct? I tried the Repair option in "Modify, Repair, Remove" listed under Programs for Kaspersky and it did not change these entries either.

I should clarify, it did not work and gave the same Error as described before.
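
The posts above move between ControlSet001, ControlSet002, ControlSet004 and CurrentControlSet. As an added example (not part of the original thread, and not code from either poster), this read-only PowerShell script shows which numbered set CurrentControlSet maps to and checks the kl1 ImagePath in each set; the function names are hypothetical and PowerShell 2.0 or later is assumed.

```powershell
# Read-only audit of one driver service's ImagePath in every control set.
# 'kl1' and the control-set names come from the thread; the function names
# are invented for this example. Nothing is written to the registry.

function Resolve-DriverPath {
    param([string]$ImagePath)
    # Driver ImagePath values are usually relative to %SystemRoot%, or carry a
    # \SystemRoot\ or \??\ prefix; turn each form into an ordinary Win32 path.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim('"')
    if ($p -match '^\\SystemRoot\\(.+)$') { return (Join-Path $env:SystemRoot $Matches[1]) }
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }
    if ($p -match '^[A-Za-z]:\\')         { return $p }
    return (Join-Path $env:SystemRoot $p)
}

function Get-ServiceImagePathAudit {
    param([string]$ServiceName = 'kl1')

    # HKLM\SYSTEM\Select records which numbered set is Current, Default,
    # Failed and LastKnownGood. CurrentControlSet is a link to the Current one,
    # so not every ControlSet00N number has to exist on a given machine.
    $select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
    $roles = @{}
    foreach ($role in 'Current', 'Default', 'Failed', 'LastKnownGood') {
        $n = $select.$role
        if ($n) {
            $setName = 'ControlSet{0:D3}' -f [int]$n
            if ($roles.ContainsKey($setName)) { $roles[$setName] += ", $role" }
            else { $roles[$setName] = $role }
        }
    }

    Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object {
            $set = $_.PSChildName
            $key = "HKLM:\SYSTEM\$set\Services\$ServiceName"
            $row = @{
                ControlSet   = $set
                Roles        = $roles[$set]
                ImagePath    = $null
                ResolvedPath = $null
                FileExists   = $false
                Finding      = ''
            }
            if (-not (Test-Path -Path $key)) {
                $row.Finding = 'service key not present in this set'
            } else {
                $svc = Get-ItemProperty -Path $key
                $row.ImagePath = $svc.ImagePath
                if (-not $svc.ImagePath) {
                    $row.Finding = 'no ImagePath value'
                } else {
                    $row.ResolvedPath = Resolve-DriverPath $svc.ImagePath
                    $row.FileExists = Test-Path -LiteralPath $row.ResolvedPath -PathType Leaf
                    # Type 1 = kernel driver, 2 = file system driver: both load a .sys image.
                    $isDriver = ($svc.Type -eq 1) -or ($svc.Type -eq 2)
                    if (-not $row.FileExists) {
                        $row.Finding = 'ImagePath names a file that does not exist'
                    } elseif ($isDriver -and $row.ResolvedPath -notmatch '\.sys$') {
                        $row.Finding = 'driver image does not end in .sys'
                    } else {
                        $row.Finding = 'ok'
                    }
                }
            }
            New-Object PSObject -Property $row |
                Select-Object ControlSet, Roles, ImagePath, ResolvedPath, FileExists, Finding
        }
}

Get-ServiceImagePathAudit -ServiceName 'kl1' | Format-Table -AutoSize
```

The Roles column shows why an edit made under CurrentControlSet also appears under one numbered set: they are the same key.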

#43 schrauber


Posted 03 June 2010 - 12:35 PM

Please uninstall and reinstall Kaspersky. Post back with a fresh OTL log using the same custom scan.
regards,
schrauber


#44 markphx


Posted 05 June 2010 - 11:37 AM

Uninstalled Kaspersky AV and installed a newer version.

This may not be relevant, but they no longer supported my old version (KAV v.7), but offer a free upgrade to the new version (KAV 2010). I had to install the trial version and they are working on getting me an activation key.

Here is the OTL scan log:

OTL logfile created on: 6/5/2010 8:51:56 AM - Run 5
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Linda & Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 17.70 Gb Free Space | 23.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEDROOM
Current User Name: Linda & Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
PRC - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/05 16:04:54 | 001,623,264 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/03/12 10:43:48 | 000,326,792 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfagent.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/27 15:06:54 | 000,753,664 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\sprscore.exe
PRC - [2007/12/09 16:29:58 | 000,434,176 | ---- | M] (Systems Integration 2) -- C:\WINDOWS\rundys32.exe
PRC - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/05/29 17:57:13 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/18 13:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\stxmenumgr.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/12/09 16:25:04 | 000,131,072 | ---- | M] () -- C:\WINDOWS\winfsysrn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/10 12:54:12 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/05 16:04:50 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/12/01 17:27:29 | 001,246,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/06 07:23:48 | 001,095,184 | ---- | M] (SMART Technologies Inc.) [On_Demand | Stopped] -- C:\Program Files\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2004/05/27 01:14:58 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/05/27 01:13:00 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/04 22:30:13 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/09 20:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 20:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\urfltw2k.sys -- (f5ipfw)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys -- (kl1)
DRV - [2008/12/16 23:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/16 23:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/16 23:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 23:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/08 16:43:36 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/08 16:43:23 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/17 16:05:52 | 000,015,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2006/11/17 16:05:48 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2006/11/17 16:05:46 | 000,122,368 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/08 12:04:56 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/14 10:54:40 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2002/12/04 17:08:00 | 000,134,304 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys -- (EMATCORE)
DRV - [2002/12/03 10:48:00 | 000,021,504 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys -- (AtlsAud)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapi.sys -- (Asapi)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2009.1010.0301
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2009.1010.0304
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 17:09:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 12:24:31 | 000,000,000 | ---D | M]

[2009/02/02 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Extensions
[2010/06/03 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions
[2009/09/05 23:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 16:07:23 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2010/03/16 16:06:06 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\Linda & Mark\Application Data\Mozilla\Firefox\Profiles\kcm9px1w.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/06/03 18:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/04 21:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/17 18:34:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [stezinit] C:\WINDOWS\sprscore.exe (Systems Integration 2)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.cox.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://mcalink.mayo.edu/vdesk/cachecleaner...,2010,0122,2102 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mcalink.mayo.edu/vdesk/terminal/urx...1,2010,125,2117 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT FireWalls Class)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} http://www.imgag.com/cp/install/AxCtp.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mcalink.mayo.edu/vdesk/terminal/f5t...,2009,1204,1610 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mcalink.mayo.edu/vdesk/terminal/Ins...,2009,1204,1613 (F5 Networks Auto Update)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (OPSWAT ProcessesScanner Class)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mcalink.mayo.edu/vdesk/terminal/f5I...,2009,1204,1603 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1144696486296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} http://www.programchecker.com/dll/nixon.cab (Zenturi Active Programs Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://www.imgag.com/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1608 (F5 Networks SuperHost Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} http://vdi.mayo.edu/downloads/VMware-viewclient.cab (VMware_VDM_Client Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mcalink.mayo.edu/vdesk/terminal/urx...,2009,1204,1604 (F5 Networks Host Control)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://kc.kyrene.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mcalink.mayo.edu/policy/download_bi...,2010,0125,2111 (F5 Networks OS Policy Agent)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://mcalink.mayo.edu/vdesk/terminal/f5o...0,2010,331,1206 (F5 Networks OPSWAT Helper Control)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/01/06 11:50:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/04 22:03:21 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/22 17:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/22 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/05/22 17:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\{3BDEAF49-D872-415F-919C-A2CCC962D8AE}
[2010/05/21 18:49:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/21 18:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/21 18:41:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/19 10:40:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/11 16:56:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/11 16:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/11 16:46:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/11 16:46:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/11 16:46:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/11 16:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 16:40:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/09 10:57:43 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe
[2010/05/09 10:40:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/05/08 22:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Recovery CD
[2010/05/07 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/07 22:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 20:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\gmer
[2010/05/03 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Desktop\Log files
[2010/05/02 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/02 14:22:26 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/01 19:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2010/05/01 19:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/01 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/17 12:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 11:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/03/18 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/03/18 13:23:10 | 000,010,752 | ---- | C] (F5 Networks) -- C:\WINDOWS\System32\drivers\urfltw2k.sys
[2010/03/18 13:17:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 13:17:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/13 08:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010/03/13 08:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\VMware
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/05 08:37:54 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/05 08:36:35 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2010/06/05 08:36:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 08:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/05 08:36:09 | 1608,568,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 08:36:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/06/05 08:36:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/06/04 22:35:27 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2010/06/04 22:35:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Linda & Mark\NTUSER.INI
[2010/06/04 22:30:13 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/06/04 22:30:11 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/06/04 22:30:11 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/02 21:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/02 11:09:06 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/05/29 12:11:30 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 18:04:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/21 18:42:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Linda & Mark\Desktop\erunt-setup.exe
[2010/05/19 18:16:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda & Mark\Desktop\OTL.exe
[2010/05/17 18:35:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 18:34:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/11 16:56:46 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/11 16:28:58 | 003,686,521 | R--- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:38 | 000,296,972 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/02 14:47:40 | 000,002,433 | ---- | M] () -- C:\WINDOWS\dep32ceg.dll
[2010/05/02 13:39:35 | 000,129,760 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 13:38:23 | 000,420,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 19:25:03 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 15:38:25 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/24 15:18:35 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 18:30:08 | 000,000,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2010/04/17 16:30:11 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/05 08:04:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/04/03 13:21:59 | 000,000,099 | ---- | M] () -- C:\WINDOWS\phd2dll.INI
[2010/03/25 22:08:11 | 000,023,597 | ---- | M] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:47 | 000,001,123 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/19 12:27:37 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:21:08 | 000,020,454 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[2010/03/19 12:15:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/18 14:38:31 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/18 14:38:31 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/18 14:38:29 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 13:16:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\f5wininfo-1209.INI
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 22:05:41 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/06/04 22:05:41 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/22 13:29:33 | 1608,568,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/11 16:56:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/11 16:56:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/11 16:46:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/11 16:46:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/11 16:46:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/11 16:46:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/11 16:46:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/11 16:28:58 | 003,686,521 | R--- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\schrauber.exe
[2010/05/09 10:39:40 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\maxlook.exe
[2010/05/08 22:16:37 | 000,296,972 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\recovery_console_cd.zip
[2010/05/07 22:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 22:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 19:49:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\dds.scr
[2010/05/03 20:06:02 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\gmer.zip
[2010/05/01 19:25:02 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/04/24 15:18:34 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Grades for Brandon Horner.doc
[2010/04/17 16:30:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Remote Desktop Connection.lnk
[2010/04/05 18:29:31 | 000,001,716 | -H-- | C] () -- C:\Documents and Settings\Linda & Mark\My Documents\Default.rdp
[2010/04/05 08:04:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Outline_Format.doc
[2010/03/25 22:08:11 | 000,023,597 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\Desktop\Jenna 2010-2011 SAR.pdf
[2010/03/19 12:27:37 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2010/03/19 12:15:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2010/03/19 12:01:09 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/03/19 12:01:09 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/03/18 13:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5wininfo-1209.INI
[2010/03/17 17:18:11 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Linda & Mark\ntuser.dat
[2009/08/05 18:39:55 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 18:57:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/30 18:57:42 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 17:48:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/31 12:30:55 | 000,002,346 | ---- | C] () -- C:\WINDOWS\System32\LXusbpdr.ini
[2008/08/21 21:48:50 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spr32snl.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopb32ul.dll
[2008/03/18 19:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopa32ul.dll
[2008/02/11 21:23:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\winfsysrn.dll
[2007/12/02 21:14:57 | 000,002,433 | ---- | C] () -- C:\WINDOWS\dep32ceg.dll
[2007/04/01 17:36:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/02/22 21:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/01 16:57:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/01 16:57:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/28 19:27:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/04/01 15:06:20 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/01 15:06:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/01 15:06:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/17 15:42:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2005/12/16 11:57:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcf5bf.sys
[2005/09/26 12:53:39 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2005/04/19 20:55:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/31 22:03:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2004/12/27 15:42:36 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw20.ini
[2004/10/12 18:27:27 | 000,000,099 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/07/31 14:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/06/12 19:35:40 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
[2004/06/12 19:35:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
[2004/06/12 19:35:39 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
[2004/06/12 18:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/03/20 20:35:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/03/10 20:47:52 | 000,010,962 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/18 14:40:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/23 10:09:13 | 000,000,080 | ---- | C] () -- C:\WINDOWS\OFXDATE.INI
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/01/21 19:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/01/21 08:51:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/21 08:31:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/01/20 22:34:02 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/01/15 20:48:50 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/01/15 18:52:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/15 18:30:18 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/06 12:51:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/06 12:35:04 | 000,000,176 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/06 12:31:52 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/06 12:13:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/06 12:13:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/06 11:55:42 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 22:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/23 19:36:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/03/23 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2009/03/21 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/10 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2005/05/05 21:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/01/15 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/03/16 10:23:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/11 11:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/03/25 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2010/02/02 22:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/27 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/30 18:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/02/10 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2008/12/31 12:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/09/07 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Aim
[2006/03/09 22:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Alawar
[2007/05/12 16:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\FileOpen
[2010/03/12 21:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\ICAClient
[2006/12/06 19:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Juniper Networks
[2004/03/21 11:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Leadertech
[2009/05/10 11:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Memeo
[2005/10/29 09:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Musicmatch
[2010/05/01 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\OpenOffice.org
[2007/03/25 21:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SMART Technologies Inc
[2006/10/26 21:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SmartDraw
[2008/08/03 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\SPAMfighter
[2007/03/21 20:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Template
[2007/06/29 17:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda & Mark\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\maxdriver\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/08/20 18:59:30 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/20 20:21:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\maxdriver\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/06/05 08:36:09 | 1608,568,832 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/06/05 08:36:01 | 805,306,368 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1 >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 9
"ImagePath" = \??\C:\WINDOWS\system32\drivers\kl1.sys -- [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab)
"DisplayName" = Kl1
"Group" = PNP_TDI
"Description" = Kl1
"UseKlim" = klim5
"EthFilter" = 00 08 DD 86 [binary data]
"HookIp" = 1
"HookRawIp" = 1
"AutoBoot" = 1
"StartDate" = D4 AA B6 BE 6C 04 CB 01 [binary data]
"InData" = 1B EB CC 02 00 00 00 00 [binary data]
"OutData" = 52 A7 07 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\DropConn]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Security]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kl1\Enum]

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3741C791
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
< End of report >


#45 schrauber


Posted 07 June 2010 - 03:03 PM

Good :)

How is it running now?
regards,
schrauber
