
Google toolbar being redirected against my will


  • This topic is locked
21 replies to this topic

#1 F Right

F Right

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 PM

Posted 13 July 2010 - 09:11 AM

I am being re-directed to other sites (mostly search engines such as askalot) when clicking on sites after a google search. I get McAfee and a firewall through Bsafe (now Bsecure) and have auto updates. I ran an updated Malwarebytes full scan which found nothing. I tried to run Microtrends Housecall off the internet but it was forced to close after 55 % completion.
I found your site and Malware guide. I tried to install Spybot S&D but was unsuccessful. I was able to install the free version of Lavasoft and ran a full scan but all it found was cookies and the problem remains.
So I’ve defogged and run the DDS and GMER programs and am requesting assistance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 6:59:22.96 on Thu 07/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1283 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\InetCntrl\Maint\ControlCenter.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Power2GoExpress] NA
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [<NO NAME>]
mRun: [LogitechQuickCamRibbon] "c:\program files\labtec\webcam10\WebCam10.exe" /hide
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [InetCntrl] c:\windows\system32\inetcntrl\InetCntrl.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\PowerReg Scheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: InetCntrl0014.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Schools%20Edition/i486_nt/obj/pvx_install.exe
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - hxxp://www.platoweb.com/pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab
DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/pviewieplugin.cab
DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-7 64288]
R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [2010-7-5 29024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2008-9-16 352312]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]

=============== Created Last 30 ================

2010-07-08 10:57:34 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-08 00:37:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-08 00:18:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-07 23:59:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 23:53:39 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-07 23:53:17 0 d-----w- c:\program files\Lavasoft
2010-07-07 22:58:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-07 22:58:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-05 21:37:41 29024 ----a-w- c:\windows\system32\drivers\bsofrwl.sys
2010-07-05 21:37:41 165376 ----a-w- c:\windows\system32\InetCntrl0014.dll
2010-07-05 21:37:40 39424 ----a-w- c:\windows\system32\drivers\BSafFltr.sys
2010-07-04 20:49:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-04 20:42:50 0 d-----w- c:\program files\ESET
2010-07-03 21:09:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-03 13:43:11 0 d-----w- c:\program files\Trend Micro
2010-07-03 12:32:06 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-30 02:32:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 01:46:24 0 d-----w- c:\docume~1\owner\applic~1\Systenance
2010-06-17 02:48:14 277504 ----a-w- c:\windows\system32\oestore.dll
2010-06-17 02:48:14 132880 ----a-w- c:\windows\system32\msinet.ocx
2010-06-15 21:55:48 412 ----a-w- c:\windows\MAXLINK.INI
2010-06-15 21:55:37 0 d-----w- c:\program files\common files\ScanSoft Shared
2010-06-15 21:55:15 0 d-----w- c:\program files\ScanSoft
2010-06-15 21:52:04 215040 ----a-w- c:\windows\system32\CNMLM93.DLL
2010-06-15 21:51:56 98304 ----a-w- c:\windows\system32\CNC610I.DLL
2010-06-15 21:51:56 200704 ----a-w- c:\windows\system32\CNC610L.DLL
2010-06-15 21:51:56 188416 ----a-w- c:\windows\system32\CNC610O.DLL
2010-06-15 21:51:55 1400832 ----a-w- c:\windows\system32\CNC610C.DLL
2010-06-11 01:53:02 32 ----a-w- c:\windows\vb_mconf.ini
2010-06-11 01:53:00 0 d-----w- c:\program files\Mil Incorporated
2010-06-10 16:21:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 13:53:04 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2010-07-03 13:49:01 12217 ----a-w- c:\program files\hijackthis one
2010-06-08 13:52:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-08 13:52:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-23 00:36:33 1536 ----a-w- c:\docume~1\owner\applic~1\Sketchpad 5 Preferences.dat
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-04-11 19:07:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-09-26 02:01:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-26 02:01:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 7:00:21.34 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 08:24:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agxiyaow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA19887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA198BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ultra.sys entry point in ".rsrc" section [0xBA13E314]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1028] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[1028] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0101000A
.text C:\WINDOWS\Explorer.EXE[2168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2168] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[6008] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[6008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[6008] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs BSafFltr.sys (BSafeFil/BSafe Online)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat BSafFltr.sys (BSafeFil/BSafe Online)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A4DAEC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c78339f36
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c78339f36@001653047609 0x43 0x1A 0x10 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c78339f36 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c78339f36@001653047609 0x43 0x1A 0x10 0xCD ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ultra.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

So, What do you see? And, thank you for your help.
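An added triage aid, not part of the original post or of the GMER tool: a small parser for the section layout of the GMER report above that pulls out the entries a helper reads first (files reported as modified, the Device -> hook on a driver object, entry points outside a code section, and user-mode inline hooks) and cross-references them. The function names parse_gmer and triage are this example's own; the sample input is constructed from lines of the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the GMER report posted above, one entry per section type.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 08:24:55

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA19887E]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ultra.sys entry point in ".rsrc" section [0xBA13E314]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\Explorer.EXE[2168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs BSafFltr.sys (BSafeFil/BSafe Online)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A4DAEC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ultra.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
KERNEL_RE = re.compile(
    r'^(?P<sect>\.\w+) (?P<path>.+?) entry point in "(?P<target>\.\w+)" section \[(?P<addr>0x[0-9A-Fa-f]+)\]$')
USER_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes (?P<patch>.+)$")
DEVICE_RE = re.compile(r"^Device -> (?P<driver>\\\S+) (?P<device>\\\S+) (?P<addr>[0-9A-Fa-f]+)$")
FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")


def parse_gmer(text):
    """Walk the report section by section and collect the entries worth a second look."""
    findings = {"kernel_entry": [], "user_hooks": [], "device_hooks": [], "suspicious_files": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # "---- Name - GMER x.y.z ----" starts a new section
            section = m.group(1)
            continue
        if section == "Kernel code sections" and (m := KERNEL_RE.match(line)):
            findings["kernel_entry"].append(m.groupdict())
        elif section == "User code sections" and (m := USER_RE.match(line)):
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            hook["size"] = int(hook["size"])
            findings["user_hooks"].append(hook)
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            findings["device_hooks"].append(m.groupdict())  # AttachedDevice lines are deliberately skipped
        elif section == "Files" and (m := FILE_RE.match(line)):
            findings["suspicious_files"].append(m.group("path"))
    return findings


def _basename_noext(path):
    """'\\Driver\\atapi' and 'C:\\...\\atapi.sys' both reduce to 'atapi' for cross-referencing."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage(findings):
    """Cross-reference the sections: a driver that is both modified on disk and hooked goes first."""
    notes = []
    hooked = {_basename_noext(d["driver"]): d for d in findings["device_hooks"]}
    for path in findings["suspicious_files"]:
        name = _basename_noext(path)
        if name in hooked:
            notes.append(f"PRIORITY: {path} reported modified AND its driver object is hooked on {hooked[name]['device']}")
        else:
            notes.append(f"CHECK: {path} reported modified; compare against a known-good copy")
    for k in findings["kernel_entry"]:
        notes.append(f"CHECK: {k['path']} entry point lies in {k['target']}, not a code section")
    by_func = defaultdict(set)  # same hook seen across many processes is summarised, not repeated
    for h in findings["user_hooks"]:
        by_func[f"{h['module']}!{h['func']}"].add(h["pid"])
    for func, pids in sorted(by_func.items()):
        notes.append(f"INFO: inline hook on {func} in {len(pids)} process(es): {sorted(pids)}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_gmer(SAMPLE_LOG)):
        print(note)
```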



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 18 July 2010 - 07:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 F Right

F Right
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 PM

Posted 18 July 2010 - 08:31 AM

Hello, and thanks for the help.

When I started the computer I got a pop-up message from:

Microsoft Visual C++ Runtime Library

Programs: C|WINDOWS\system32\InetCntrl\InetCntrl.exe

This app has requested the runtime to terminate in an unusual way.

Next a Logitech window popped up and declared that it was going to search for updates. I declined its request.

I downloaded and installed OTL and got a pop-up that framedyn.dll was not found and that OTL had not installed properly, but then it appeared to install so I ran it.

It generated a report (otl.txt) on notepad. It is copied below:

OTL logfile created on: 7/18/2010 9:05:44 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.15 Gb Total Space | 100.62 Gb Free Space | 70.79% Space Free | Partition Type: NTFS
Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.04 Gb Free Space | 94.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C30BE43EA5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/06 13:28:44 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/06 13:28:44 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/26 14:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/31 19:26:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/16 12:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/16 12:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 18:58:16 | 001,060,376 | ---- | M] () -- C:\Program Files\Labtec\WebCam10\WebCam10.exe
PRC - [2007/03/06 18:51:26 | 000,252,704 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/03/06 18:48:46 | 000,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/30 23:56:08 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2001/06/07 16:01:00 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 13:28:44 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/16 12:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/03/06 18:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/30 23:56:08 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/16 03:27:14 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/16 03:26:50 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/15 23:47:48 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/04 10:55:26 | 000,029,024 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\bsofrwl.sys -- (bsofrwl)
DRV - [2007/05/30 17:34:44 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2007/03/06 18:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 18:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 18:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 18:48:46 | 001,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 18:48:46 | 000,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/09/23 19:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/06/07 16:01:00 | 000,012,270 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/08 09:53:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Bsecure Popup Blocker) - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bsecure Popup Blocker) - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
O3 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CHotkey] File not found
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe (Bsafe Online, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ModPS2] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [ShowWnd] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] File not found
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\Hotsync.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\STUDENTS\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Palm\Hotsync.exe (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Schools%20Edition/i486_nt/obj/pvx_install.exe (ProductView Express)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} http://www.platoweb.com/pathways/pway_iis....ab/pwlninst.cab (PWLNINST Control)
O16 - DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} https://pds.ptc.com/Windchill/wtcore/jsp/wv...iewieplugin.cab (PViewIEPlugin Control)
O16 - DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} https://pds.ptc.com/Windchill/wtcore/jsp/wv...vercheck_ie.cab (pvvercheck_ie Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/24 20:42:48 | 000,000,000 | ---D | M] - C:\AUTOEXEC -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/06/01 22:22:14 | 000,072,192 | ---- | M] () - F:\Autoimmune Disorders clipboard.doc -- [ FAT32 ]
O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{964b51b4-cd1b-11dd-8f40-001e90329808}\Shell - "" = AutoRun
O33 - MountPoints2\{964b51b4-cd1b-11dd-8f40-001e90329808}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{964b51b4-cd1b-11dd-8f40-001e90329808}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{daf10d82-d2a1-11dd-8f4c-001e90329808}\Shell - "" = AutoRun
O33 - MountPoints2\{daf10d82-d2a1-11dd-8f4c-001e90329808}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9702181-8446-11dd-8e02-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e9702181-8446-11dd-8e02-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: aux - wdmaud.drv File not found
Drivers32: aux1 - wdmaud.drv File not found
Drivers32: aux2 - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midi2 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: mixer1 - wdmaud.drv File not found
Drivers32: mixer2 - wdmaud.drv File not found
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: MSVideo - vfwwdm32.dll File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: VIDC.UYVY - msyuv.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll File not found
Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
Drivers32: VIDC.YVYU - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - wdmaud.drv File not found
Drivers32: wave2 - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
SystemRestore not available.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/18 08:56:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/09 17:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/07/08 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/07 20:37:54 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/07 20:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/07/07 19:59:25 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/07 19:53:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/07 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/07 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/07 18:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/07 18:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/05 17:37:41 | 000,029,024 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\bsofrwl.sys
[2010/07/05 17:37:40 | 000,039,424 | ---- | C] (BSafe Online) -- C:\WINDOWS\System32\drivers\BSafFltr.sys
[2010/07/05 13:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\COMPUTER SECURITY
[2010/07/04 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/03 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/03 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 00:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/03 00:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/01 19:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/06/29 22:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 22:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Systenance
[2010/06/27 09:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VASCULITIS
[2010/06/21 20:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/06/20 16:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VITAMIN D
[2010/06/16 22:48:14 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\WINDOWS\System32\oestore.dll
[2010/06/15 18:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
[2010/06/15 17:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/06/15 17:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/15 17:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/06/15 17:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/06/10 21:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mil Incorporated
[2010/06/10 21:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mil Incorporated
[2010/06/08 09:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/05/22 20:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sketchpad
[4 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/18 09:04:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job
[2010/07/18 08:55:34 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/18 08:54:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/18 08:52:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/18 08:52:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/07/18 08:52:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/07/18 08:52:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/07/18 08:52:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 08:52:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 08:52:21 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/17 22:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 20:26:29 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/07/17 18:50:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\15 mins.job
[2010/07/17 17:39:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/17 14:38:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/07/17 11:26:04 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/07/14 18:51:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 18:37:37 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/12 18:37:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/10 09:03:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/07/09 17:51:00 | 000,000,056 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/08 20:53:56 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/07/08 20:46:37 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/08 06:57:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/08 06:55:28 | 000,427,715 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Why we request you disable CD Emulation when receiving Malware Removal Advice.mht
[2010/07/08 06:54:07 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/07 20:37:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/07 18:58:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/07 18:58:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/07/06 19:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 13:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/06 12:20:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/05 22:13:34 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/07/05 13:43:11 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows defender etc.doc
[2010/07/05 09:43:58 | 000,715,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Medical_Exposures_Fact_Sheet[1].pdf
[2010/07/04 16:49:57 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 09:49:01 | 000,012,217 | ---- | M] () -- C:\Program Files\hijackthis one
[2010/07/03 09:42:59 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.msi
[2010/07/01 13:42:46 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\launch.xml
[2010/07/01 13:42:37 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\launcherData.xml
[2010/06/23 21:56:56 | 000,574,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 21:56:56 | 000,116,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 21:02:47 | 000,315,495 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beta-Blockers - Side Effects.mht
[2010/06/21 20:56:03 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Heart palpitations.doc
[2010/06/20 22:04:15 | 000,000,032 | ---- | M] () -- C:\WINDOWS\vb_mconf.ini
[2010/06/15 18:13:05 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP610 series On-screen Manual.lnk
[2010/06/15 17:55:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/15 17:53:07 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator EX 1.0.lnk
[2010/06/14 21:20:39 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\high school junior scholarships.doc
[2010/06/14 20:57:40 | 000,232,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ayn Rand Institute Essay Contests — Ayn Rand Novels.mht
[2010/06/12 12:11:28 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HDMI Card.doc
[2010/06/12 11:57:14 | 000,095,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ASUS Card Rebate Form.pdf
[2010/06/12 11:32:43 | 000,008,790 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DIY-PCI06.jpg
[2010/06/11 18:57:36 | 000,074,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RCTA Order Placed Order # 3527.mht
[2010/06/11 11:00:37 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 22:07:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 22:06:25 | 000,000,967 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/10 22:01:06 | 000,683,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 09:53:37 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/06/08 09:52:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/05/27 21:27:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\windows xp backup restore wizard.doc
[2010/05/22 20:36:33 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Sketchpad 5 Preferences.dat
[2010/05/22 20:27:46 | 085,665,699 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\InstallSketchpad.zip
[2010/05/22 20:17:56 | 000,184,924 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Geometer's Sketchpad single license.mht
[2010/05/02 20:58:17 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Take your temperature.doc
[4 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 17:47:15 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/08 20:46:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/08 06:57:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/08 06:56:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/08 06:55:24 | 000,427,715 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Why we request you disable CD Emulation when receiving Malware Removal Advice.mht
[2010/07/08 06:53:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/07 20:18:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 20:04:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/07 18:58:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/07 18:58:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/07/05 17:37:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\InetCntrl0014.dll
[2010/07/05 13:41:57 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows defender etc.doc
[2010/07/05 13:39:00 | 000,715,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Medical_Exposures_Fact_Sheet[1].pdf
[2010/07/04 16:49:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 09:49:01 | 000,012,217 | ---- | C] () -- C:\Program Files\hijackthis one
[2010/07/03 09:43:11 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/07/03 09:42:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.msi
[2010/06/29 22:32:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/24 17:58:01 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/06/24 17:58:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/06/21 21:02:46 | 000,315,495 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Beta-Blockers - Side Effects.mht
[2010/06/21 20:39:49 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Heart palpitations.doc
[2010/06/15 17:55:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/15 17:53:07 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator EX 1.0.lnk
[2010/06/15 17:52:17 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP610 series On-screen Manual.lnk
[2010/06/14 20:57:39 | 000,232,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ayn Rand Institute Essay Contests — Ayn Rand Novels.mht
[2010/06/14 20:47:59 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\high school junior scholarships.doc
[2010/06/12 11:57:14 | 000,095,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ASUS Card Rebate Form.pdf
[2010/06/12 11:55:29 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HDMI Card.doc
[2010/06/12 11:32:53 | 000,008,790 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DIY-PCI06.jpg
[2010/06/11 18:57:36 | 000,074,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RCTA Order Placed Order # 3527.mht
[2010/06/10 21:53:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/06/09 20:36:07 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/06/09 20:36:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/06/08 09:53:38 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/06/08 09:53:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/06/08 09:53:37 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/27 21:27:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\windows xp backup restore wizard.doc
[2010/05/22 20:36:33 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Sketchpad 5 Preferences.dat
[2010/05/22 20:27:43 | 085,665,699 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\InstallSketchpad.zip
[2010/05/22 20:17:55 | 000,184,924 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Geometer's Sketchpad single license.mht
[2010/05/02 09:28:43 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Take your temperature.doc
[2010/01/18 21:22:05 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 17:39:42 | 000,000,465 | ---- | C] () -- C:\WINDOWS\BMPLDraw.ini
[2009/04/28 21:25:28 | 000,007,436 | ---- | C] () -- C:\WINDOWS\LDraw.INI
[2009/04/22 12:09:00 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/04/21 14:22:11 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HIGHERG.INI
[2009/04/16 10:56:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/04/07 22:54:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2009/04/03 15:42:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/25 16:03:19 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2008/12/25 16:03:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2008/12/25 16:03:19 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2008/12/25 16:03:19 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2008/10/14 19:04:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2008/09/27 15:11:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 14:46:43 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Cosmos.ini
[2008/09/21 14:24:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/21 14:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/21 10:51:31 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/09/21 09:59:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\writtool.ini
[2008/09/16 20:15:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\mathadv2002.ini
[2008/09/16 20:14:47 | 000,000,211 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/09/16 20:11:03 | 000,000,226 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2008/09/16 20:05:21 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/09/16 20:03:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\gkv5univ.ini
[2008/09/16 20:03:43 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2008/09/16 20:03:43 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2008/04/11 14:25:05 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/04/11 14:25:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008/04/11 14:24:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/06 18:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/07/01 03:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 21:24:27 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/06 21:24:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/06/26 15:08:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\HexactoConduit.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/25 15:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/09/21 14:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/04/05 21:10:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/11/06 21:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2009/01/29 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2010/06/15 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/17 20:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/07/07 19:53:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/12/05 21:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/04/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/06/21 20:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/04/05 21:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2009/03/31 20:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/05 20:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2008/04/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/06/29 21:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systenance
[2010/07/09 17:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/01/08 21:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\Blender Foundation
[2010/05/16 18:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\Canon Easy-WebPrint EX
[2009/01/21 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/22 21:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\FileMaker
[2009/04/24 20:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\LEGO Company
[2008/12/01 19:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\PTC
[2008/04/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\SampleView
[2009/03/04 20:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PROGRAMS\Application Data\Template
[2010/07/11 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\Canon
[2010/04/06 10:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\Canon Easy-WebPrint EX
[2009/01/16 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/23 18:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\Dev-Cpp
[2008/09/21 18:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\FileMaker
[2008/11/09 15:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\LEGO Company
[2009/04/29 21:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\ptc
[2008/04/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\SampleView
[2010/06/15 17:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\ScanSoft
[2009/02/19 12:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDENTS\Application Data\Template
[2010/07/17 18:50:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\15 mins.job
[2010/07/18 08:54:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2008/09/16 19:33:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2010/07/18 08:55:34 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/07/18 09:04:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/06 14:29:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/06 14:29:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/06 14:29:39 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/07/18 08:52:12 | 000,003,804 | ---- | M] () -- C:\aaw7boot.log
[2009/11/28 22:21:11 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2008/04/11 14:33:16 | 000,001,546 | ---- | M] () -- C:\BigFix.lnk
[2009/06/11 14:19:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/18 08:52:21 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/06 21:38:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/01 17:31:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/05/06 21:38:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/25 21:48:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/18 08:52:12 | 3196,059,648 | -HS- | M] () -- C:\pagefile.sys
[2009/04/17 16:55:01 | 000,000,136 | ---- | M] () -- C:\SerialSync.txt
[2009/05/11 16:18:25 | 000,000,215 | -H-- | M] () -- C:\T4Metrics.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 01:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
[2007/03/17 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD93.DLL
[2009/03/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
[2004/04/23 01:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
[2007/03/17 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP93.DLL
[2009/03/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/25 21:45:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/25 21:45:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 10:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/25 21:45:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/25 21:45:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 16:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 22:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 22:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 16:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

It also generated a file, extras.txt, which is pasted here:

OTL Extras logfile created on: 7/18/2010 9:05:44 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.15 Gb Total Space | 100.62 Gb Free Space | 70.79% Space Free | Partition Type: NTFS
Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.04 Gb Free Space | 94.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C30BE43EA5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\WINDOWS\system32\InetCntrl\InetCntrl.exe" = C:\WINDOWS\system32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application -- (Bsafe Online, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Broderbund\Kasparov Chess Windows\KasparovChess.exe" = C:\Program Files\Broderbund\Kasparov Chess Windows\KasparovChess.exe:*:Enabled:KasparovChess -- ()
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- (Rosetta Stone Ltd. )
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2110AF8F-F6E9-4712-A185-1B839C60822E}" = Rosetta Stone Ltd Services
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{521EAEC9-88CB-498E-A0C6-C1A79C69623E}" = PTC ProductView Express - Wildfire 3.0 (M100)
"{547D1137-8531-4B0B-A35B-D501C9708DE8}" = ProductView Client 9.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{99B66D96-5BB2-42DF-BF7C-432285A1E5A5}" = LEGO MINDSTORMS NXT Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEEE856A-3461-4F6A-AB81-54646BE4CA0F}" = Earth Quest
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4B478-F489-444D-900C-A9812569E6D2}" = LEGO MINDSTORMS NXT Software v1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E604A0-5C90-4212-88B5-2AFCFF134FB5}" = MSN Toolbar
"{D2B8DB3C-E5F0-48CA-810E-87DFD5603DC2}" = LEGO MINDSTORMS NXT - English Language Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F73BB4A8-6F3A-4260-99A2-CAA54E92CB98}" = Dinosaur Hunter
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"3D Thinking Lab" = 3D Thinking Lab (Remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Amazon3" = Amazon3
"Audacity_is1" = Audacity 1.2.6
"Biology" = Biology 3.5
"Blender" = Blender (remove only)
"BodyWorks 6.0" = BodyWorks 6.0
"CamStudio" = CamStudio
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carmen Sandiego Math Detective 1.0.0" = Carmen Sandiego Math Detective
"Continuum_is1" = Continuum 0.40
"Cosmos Interactive" = Cosmos Interactive
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Eyewitness Encyclopedia of Nature 2.0" = Eyewitness Encyclopedia of Nature 2.0
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Homeworkhelp.com Chemistry Plus" = Homeworkhelp.com Chemistry Plus
"Homeworkhelp.com Grammar" = Homeworkhelp.com Grammar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InetCntrl" = Bsecure Internet Protection Services 5.5
"InstallShield_{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius
"Kasparov Chessmate for Palm" = Kasparov Chessmate for Palm
"Kasparov Chessmate for Windows" = Kasparov Chessmate for Windows
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Liberty's Kids" = Liberty's Kids
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marine Aquarium 2, Sharks & Carousel Bundle" = Marine Aquarium 2, Sharks & Carousel Bundle
"Math Advantage 2002" = Math Advantage 2002
"Mavis Beacon Teaches Typing 16" = Mavis Beacon Teaches Typing 16
"Mavis Beacon Teaches Typing Deluxe 17" = Mavis Beacon Teaches Typing Deluxe 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mysterious Egypt Vol. 1" = Mysterious Egypt Vol. 1
"Mysterious Egypt Vol. 2" = Mysterious Egypt Vol. 2
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oregon Trail® 5" = Oregon Trail® 5
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"Pro/ENGINEER Schools Edition Release Wildfire 3.0 Datecode M100" = Pro/ENGINEER Schools Edition Release Wildfire 3.0 Datecode M100
"QcDrv" = Labtec® Camera Driver
"RealPlayer 12.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"RSX2DeinstKey" = Intel RSX 3D
"Shockwave" = Shockwave
"Sketchpad" = Sketchpad
"Ssbwincd.exe" = Super Solvers Spellbound
"ST6UNST #1" = Myopoly5
"The Writing Tutor" = The Writing Tutor
"TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition
"UnityWebPlayer" = Unity Web Player
"VST Bridge_is1" = VST Bridge 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoombinis Logical Journey™" = Zoombinis Logical Journey™

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2010 4:46:54 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 7/17/2010 4:46:54 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 7/17/2010 4:46:54 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 7/17/2010 4:46:54 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 7/17/2010 7:40:17 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 7:40:17 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 7:40:22 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/17/2010 7:40:22 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 7:40:22 PM | Computer Name = YOUR-C30BE43EA5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/18/2010 8:52:38 AM | Computer Name = YOUR-C30BE43EA5 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 7/15/2010 5:13:30 PM | Computer Name = YOUR-C30BE43EA5 | Source = DCOM | ID = 10010
Description = The server {57FBA82D-F8D5-4146-8795-BF3EBF0AE216} did not register
with DCOM within the required timeout.

Error - 7/16/2010 9:23:04 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/16/2010 9:23:04 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/16/2010 6:53:12 PM | Computer Name = YOUR-C30BE43EA5 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/17/2010 10:12:10 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/17/2010 10:12:10 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/17/2010 12:13:01 PM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/17/2010 12:13:01 PM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/18/2010 8:52:46 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/18/2010 8:52:46 AM | Computer Name = YOUR-C30BE43EA5 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >




#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 18 July 2010 - 09:31 AM

Hello, F Right.

That error could be due to the malware. Please keep an eye on it. The file it referenced is legit.

As for the OTL error, that's a Windows system file... it's either corrupt or missing, or your system path was changed by malware. We'll keep an eye on that as well. OTL lists many critical files as 'missing', but that may be due to the error up front. We'll dig into that after we run Combofix.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 F Right

F Right
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 PM

Posted 18 July 2010 - 04:08 PM

ComboFix Reply

ComboFix 10-07-16.02 - Owner 07/18/2010 16:21:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1640 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\Temp
c:\windows\xpsp1hfm.log
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ultra.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-11 13:39 . 2010-07-11 13:39 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\Canon
2010-07-09 21:47 . 2010-07-09 21:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
2010-07-08 04:53 . 2010-07-08 04:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\msvcp71.dll
2010-07-08 04:53 . 2010-07-08 04:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\jmc.dll
2010-07-08 04:53 . 2010-07-08 04:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\msvcr71.dll
2010-07-08 04:53 . 2010-07-08 04:53 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33575b6d-n\decora-sse.dll
2010-07-08 04:53 . 2010-07-08 04:53 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33575b6d-n\decora-d3d.dll
2010-07-08 00:37 . 2010-07-08 00:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-08 00:18 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-08 00:04 . 2010-07-08 00:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-07-07 23:59 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 23:58 . 2010-07-07 23:58 -------- d-----w- c:\documents and settings\STUDENTS\Local Settings\Application Data\Sunbelt Software
2010-07-07 23:53 . 2010-07-07 23:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-07 23:53 . 2010-07-06 17:29 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-07 23:53 . 2010-07-07 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-07 23:53 . 2010-07-07 23:53 -------- d-----w- c:\program files\Lavasoft
2010-07-07 22:58 . 2010-07-07 23:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-07 22:58 . 2010-07-07 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-05 21:37 . 2009-07-08 16:01 165376 ----a-w- c:\windows\system32\InetCntrl0014.dll
2010-07-05 21:37 . 2007-06-04 14:55 29024 ----a-w- c:\windows\system32\drivers\bsofrwl.sys
2010-07-05 21:37 . 2009-02-03 18:35 39424 ----a-w- c:\windows\system32\drivers\BSafFltr.sys
2010-07-05 17:08 . 2010-07-05 17:08 503808 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\msvcp71.dll
2010-07-05 17:08 . 2010-07-05 17:08 499712 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\jmc.dll
2010-07-05 17:08 . 2010-07-05 17:08 348160 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\msvcr71.dll
2010-07-05 17:08 . 2010-07-05 17:08 12800 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-722fd22d-n\decora-d3d.dll
2010-07-05 17:08 . 2010-07-05 17:08 61440 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-722fd22d-n\decora-sse.dll
2010-07-05 15:50 . 2010-07-05 15:50 -------- d-----w- c:\documents and settings\PROGRAMS\Local Settings\Application Data\Scansoft
2010-07-04 20:49 . 2010-07-04 20:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-04 20:42 . 2010-07-04 20:42 -------- d-----w- c:\program files\ESET
2010-07-03 21:09 . 2010-07-03 21:09 503808 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\msvcp71.dll
2010-07-03 21:09 . 2010-07-03 21:09 499712 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\jmc.dll
2010-07-03 21:09 . 2010-07-03 21:09 348160 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\msvcr71.dll
2010-07-03 21:09 . 2010-07-03 21:09 61440 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28474376-n\decora-sse.dll
2010-07-03 21:09 . 2010-07-03 21:09 12800 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28474376-n\decora-d3d.dll
2010-07-03 21:09 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-03 13:43 . 2010-07-03 13:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 13:43 . 2010-07-03 13:43 -------- d-----w- c:\program files\Trend Micro
2010-07-03 12:32 . 2010-07-03 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-03 04:47 . 2010-07-03 04:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-30 11:07 . 2010-06-30 11:07 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\Malwarebytes
2010-06-30 02:32 . 2010-07-18 20:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 01:46 . 2010-06-30 01:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Systenance
2010-06-24 21:57 . 2010-06-24 21:57 -------- d-----w- c:\documents and settings\PROGRAMS\IECompatCache
2010-06-22 00:37 . 2010-06-22 00:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 20:19 . 2009-01-12 01:41 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-17 16:42 . 2009-02-19 16:27 3106 ----a-w- c:\documents and settings\STUDENTS\Application Data\wklnhst.dat
2010-07-09 21:51 . 2010-07-09 21:47 56 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-07-07 23:56 . 2008-04-11 18:33 -------- d-----w- c:\program files\Google
2010-07-03 21:09 . 2008-04-11 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-03 21:09 . 2008-04-11 18:33 -------- d-----w- c:\program files\Java
2010-07-03 13:49 . 2010-07-03 13:49 12217 ----a-w- c:\program files\hijackthis one
2010-07-03 12:31 . 2010-04-06 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\ScanSoft
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-15 21:55 . 2008-04-11 18:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\program files\ScanSoft
2010-06-15 21:52 . 2008-10-14 23:03 -------- d-----w- c:\program files\Canon
2010-06-15 21:08 . 2010-06-15 21:08 503808 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\msvcp71.dll
2010-06-15 21:08 . 2010-06-15 21:08 499712 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\jmc.dll
2010-06-15 21:08 . 2010-06-15 21:08 348160 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\msvcr71.dll
2010-06-11 01:53 . 2010-06-11 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\msvcp71.dll
2010-06-11 01:53 . 2010-06-11 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\jmc.dll
2010-06-11 01:53 . 2010-06-11 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\msvcr71.dll
2010-06-11 01:53 . 2010-06-11 01:53 -------- d-----w- c:\program files\Mil Incorporated
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AcrobatUpdater.exe
2010-06-08 13:53 . 2010-06-08 13:53 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-08 13:53 . 2010-06-08 13:53 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-08 13:53 . 2010-06-08 13:53 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-08 13:53 . 2010-06-08 13:53 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-08 13:53 . 2010-06-08 13:53 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-08 13:53 . 2009-10-03 20:41 -------- d-----w- c:\program files\Common Files\Real
2010-06-08 13:53 . 2009-10-03 20:41 -------- d-----w- c:\program files\Real
2010-06-08 13:53 . 2010-06-08 13:53 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-08 13:52 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-08 13:52 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-05 11:38 . 2009-03-10 16:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 20:42 . 2009-01-07 21:29 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\U3
2010-05-26 17:07 . 2010-05-26 17:07 503808 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\msvcp71.dll
2010-05-26 17:07 . 2010-05-26 17:07 499712 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\jmc.dll
2010-05-26 17:07 . 2010-05-26 17:07 348160 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\msvcr71.dll
2010-05-23 00:36 . 2010-05-23 00:36 1536 ----a-w- c:\documents and settings\Owner\Application Data\Sketchpad 5 Preferences.dat
2010-05-23 00:29 . 2010-05-23 00:29 -------- d-----w- c:\program files\Sketchpad
2010-05-21 18:14 . 2010-03-22 02:40 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 20:27 . 2010-04-11 21:14 439816 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Real\Update\setup3.10\setup.exe
2010-05-06 10:41 . 2006-05-07 01:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-05-07 01:24 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-05-07 01:24 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-16 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-16 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-16 94208]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-16 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-08 202256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"InetCntrl"="c:\windows\system32\InetCntrl\InetCntrl.exe" [2009-06-10 840944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\STUDENTS\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\palm\HOTSYNC.EXE [2009-5-4 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2009-5-4 299008]
PowerReg Scheduler.exe [2009-5-4 246784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Broderbund\\Kasparov Chess Windows\\KasparovChess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdController.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServer.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServices.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/7/2010 7:59 PM 64288]
R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [7/5/2010 5:37 PM 29024]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [9/16/2008 12:02 PM 352312]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 10:57 AM 135664]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 1:44 AM 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [5/30/2007 5:34 PM 39424]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1352832]

--- Other Services/Drivers In Memory ---

*Deregistered* - BSafeFilter
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 14:57]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 14:57]

2008-09-16 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]

2010-07-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: InetCntrl0014.dll
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Schools%20Edition/i486_nt/obj/pvx_install.exe
DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/pviewieplugin.cab
DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Marine Aquarium 2, Sharks & Carousel Bundle - c:\program files\Prolific Publishing
AddRemove-RSX2DeinstKey - c:\windows\system32\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\InetCntrl0014.dll
.
Completion time: 2010-07-18 16:32:59
ComboFix-quarantined-files.txt 2010-07-18 20:32

Pre-Run: 107,565,514,752 bytes free
Post-Run: 110,663,659,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 427075E88E8606F27A72001752867B84


I rebooted, and turned back on McAfee, Windows Defender and Ad-Aware.
Then I ran some Google searches which did NOT get redirected (yes!).




#6 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 18 July 2010 - 04:24 PM

Hello, F Right.

Good news, the redirects are gone. You did have a backdoor rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
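The RegLock:: part of the script above was assembled by hand from the LOCKED REGISTRY KEYS section of the ComboFix log posted earlier in this thread: every key ComboFix prints with an "@Denied:" line, plus the subkeys listed under it. As an added example that is not part of this thread and not ComboFix's own code, the Python script below does that assembly automatically from a constructed excerpt of the log (same key paths as in the posted log). The function names and the SAMPLE_LOG excerpt are my assumptions.

```python
"""Build a CFScript RegLock:: block from the LOCKED REGISTRY KEYS section of a ComboFix log.

Added example; function names and the SAMPLE_LOG excerpt are assumptions, not ComboFix code.
"""
import re
from typing import Dict, List

# Constructed excerpt in the shape of the ComboFix log posted in this thread (same key paths).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_TITLE = "LOCKED REGISTRY KEYS"
SECTION_RULE = "---------------------"          # every ComboFix section header starts this way
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")      # a [HKEY_...\path] line opens a key block


def parse_locked_keys(log_text: str) -> Dict[str, List[str]]:
    """Map each key path in the LOCKED REGISTRY KEYS section to the value lines listed under it."""
    keys: Dict[str, List[str]] = {}
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_TITLE in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith(SECTION_RULE):       # reached the next section header: stop
            break
        match = KEY_RE.match(line)
        if match:
            current = match.group(1)
            keys[current] = []
        elif current is not None and line and line != ".":
            keys[current].append(line)
    return keys


def denied_roots(keys: Dict[str, List[str]]) -> List[str]:
    """Keys ComboFix flags with '@Denied:', i.e. an ACL that blocks Everyone from reading them."""
    return [k for k, values in keys.items() if any(v.startswith("@Denied:") for v in values)]


def reglock_block(keys: Dict[str, List[str]]) -> str:
    """Emit a RegLock:: section covering each denied key and the subkeys listed beneath it.

    RegLock:: is the CFScript directive for unlocking keys; it does not delete them.
    """
    roots = denied_roots(keys)
    selected = [
        k for k in keys
        if any(k.lower() == r.lower() or k.lower().startswith(r.lower() + "\\") for r in roots)
    ]
    return "RegLock::\n" + "\n".join(f"[{k}]" for k in selected) + "\n"


if __name__ == "__main__":
    print(reglock_block(parse_locked_keys(SAMPLE_LOG)))
```

Run it against a full ComboFix.txt (read the file instead of SAMPLE_LOG) and the output is the same four-line RegLock:: block the helper pasted above. A denied ACL on its own is not proof of malware, which is why the directive only resets permissions so the keys can be inspected; deletion is a separate decision.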
 


#7 F Right

F Right
  • Topic Starter

  • Members
  • 10 posts

Posted 21 July 2010 - 08:03 AM

Etavares,

Thanks for the warning about the backdoor Trojan. Fortunately there is not any financial or personal data on this machine. If I use it that way in the future I will reformat first.

Currently, the redirects are still gone and no PC problems are apparent.

I ran the custom ComboFix supplied. The program said there was a newer version available and asked if I wanted to download it, but I declined since we were running a custom script. Here are the results.

ComboFix 10-07-16.02 - Owner 07/20/2010 19:39:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1557 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.dat
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.lan
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.msi
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.par
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.res
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\instance.dat
c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\mia.lib

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 22:56 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 13:39 . 2010-07-11 13:39 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\Canon
2010-07-09 21:47 . 2010-07-09 21:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
2010-07-08 04:53 . 2010-07-08 04:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\msvcp71.dll
2010-07-08 04:53 . 2010-07-08 04:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\jmc.dll
2010-07-08 04:53 . 2010-07-08 04:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-38ed28fe-n\msvcr71.dll
2010-07-08 04:53 . 2010-07-08 04:53 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33575b6d-n\decora-sse.dll
2010-07-08 04:53 . 2010-07-08 04:53 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33575b6d-n\decora-d3d.dll
2010-07-08 00:37 . 2010-07-08 00:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-08 00:18 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-08 00:04 . 2010-07-08 00:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-07-07 23:59 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-07 23:58 . 2010-07-07 23:58 -------- d-----w- c:\documents and settings\STUDENTS\Local Settings\Application Data\Sunbelt Software
2010-07-07 23:53 . 2010-07-07 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-07 23:53 . 2010-07-07 23:53 -------- d-----w- c:\program files\Lavasoft
2010-07-07 22:58 . 2010-07-07 23:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-07 22:58 . 2010-07-07 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-05 21:37 . 2009-07-08 16:01 165376 ----a-w- c:\windows\system32\InetCntrl0014.dll
2010-07-05 21:37 . 2007-06-04 14:55 29024 ----a-w- c:\windows\system32\drivers\bsofrwl.sys
2010-07-05 21:37 . 2009-02-03 18:35 39424 ----a-w- c:\windows\system32\drivers\BSafFltr.sys
2010-07-05 17:08 . 2010-07-05 17:08 503808 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\msvcp71.dll
2010-07-05 17:08 . 2010-07-05 17:08 499712 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\jmc.dll
2010-07-05 17:08 . 2010-07-05 17:08 348160 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6851a1cb-n\msvcr71.dll
2010-07-05 17:08 . 2010-07-05 17:08 12800 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-722fd22d-n\decora-d3d.dll
2010-07-05 17:08 . 2010-07-05 17:08 61440 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-722fd22d-n\decora-sse.dll
2010-07-05 15:50 . 2010-07-05 15:50 -------- d-----w- c:\documents and settings\PROGRAMS\Local Settings\Application Data\Scansoft
2010-07-04 20:49 . 2010-07-04 20:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-04 20:42 . 2010-07-04 20:42 -------- d-----w- c:\program files\ESET
2010-07-03 21:09 . 2010-07-03 21:09 503808 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\msvcp71.dll
2010-07-03 21:09 . 2010-07-03 21:09 499712 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\jmc.dll
2010-07-03 21:09 . 2010-07-03 21:09 348160 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a0bcc80-n\msvcr71.dll
2010-07-03 21:09 . 2010-07-03 21:09 61440 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28474376-n\decora-sse.dll
2010-07-03 21:09 . 2010-07-03 21:09 12800 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-28474376-n\decora-d3d.dll
2010-07-03 21:09 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-03 13:43 . 2010-07-03 13:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 13:43 . 2010-07-03 13:43 -------- d-----w- c:\program files\Trend Micro
2010-07-03 12:32 . 2010-07-03 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-03 04:47 . 2010-07-03 04:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-30 11:07 . 2010-06-30 11:07 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\Malwarebytes
2010-06-30 02:32 . 2010-07-18 20:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 01:46 . 2010-06-30 01:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Systenance
2010-06-24 21:57 . 2010-06-24 21:57 -------- d-----w- c:\documents and settings\PROGRAMS\IECompatCache
2010-06-22 00:37 . 2010-06-22 00:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:35 . 2009-01-12 01:41 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-17 16:42 . 2009-02-19 16:27 3106 ----a-w- c:\documents and settings\STUDENTS\Application Data\wklnhst.dat
2010-07-09 21:51 . 2010-07-09 21:47 56 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-07-07 23:56 . 2008-04-11 18:33 -------- d-----w- c:\program files\Google
2010-07-03 21:09 . 2008-04-11 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-03 21:09 . 2008-04-11 18:33 -------- d-----w- c:\program files\Java
2010-07-03 13:49 . 2010-07-03 13:49 12217 ----a-w- c:\program files\hijackthis one
2010-07-03 12:31 . 2010-04-06 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\ScanSoft
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-15 21:55 . 2008-04-11 18:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-15 21:55 . 2010-06-15 21:55 -------- d-----w- c:\program files\ScanSoft
2010-06-15 21:52 . 2008-10-14 23:03 -------- d-----w- c:\program files\Canon
2010-06-15 21:08 . 2010-06-15 21:08 503808 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\msvcp71.dll
2010-06-15 21:08 . 2010-06-15 21:08 499712 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\jmc.dll
2010-06-15 21:08 . 2010-06-15 21:08 348160 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-39bfee96-n\msvcr71.dll
2010-06-14 14:31 . 2006-05-07 01:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 01:53 . 2010-06-11 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\msvcp71.dll
2010-06-11 01:53 . 2010-06-11 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\jmc.dll
2010-06-11 01:53 . 2010-06-11 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7eb4212f-n\msvcr71.dll
2010-06-11 01:53 . 2010-06-11 01:53 -------- d-----w- c:\program files\Mil Incorporated
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\12388\AcrobatUpdater.exe
2010-06-08 13:53 . 2010-06-08 13:53 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-08 13:53 . 2010-06-08 13:53 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-08 13:53 . 2010-06-08 13:53 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-08 13:53 . 2010-06-08 13:53 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-08 13:53 . 2010-06-08 13:53 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-08 13:53 . 2010-06-08 13:53 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-08 13:53 . 2009-10-03 20:41 -------- d-----w- c:\program files\Common Files\Real
2010-06-08 13:53 . 2009-10-03 20:41 -------- d-----w- c:\program files\Real
2010-06-08 13:53 . 2010-06-08 13:53 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-08 13:52 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-08 13:52 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-05 11:38 . 2009-03-10 16:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 20:42 . 2009-01-07 21:29 -------- d-----w- c:\documents and settings\STUDENTS\Application Data\U3
2010-05-26 17:07 . 2010-05-26 17:07 503808 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\msvcp71.dll
2010-05-26 17:07 . 2010-05-26 17:07 499712 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\jmc.dll
2010-05-26 17:07 . 2010-05-26 17:07 348160 ----a-w- c:\documents and settings\STUDENTS\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6d9e90d7-n\msvcr71.dll
2010-05-23 00:36 . 2010-05-23 00:36 1536 ----a-w- c:\documents and settings\Owner\Application Data\Sketchpad 5 Preferences.dat
2010-05-23 00:29 . 2010-05-23 00:29 -------- d-----w- c:\program files\Sketchpad
2010-05-21 18:14 . 2010-03-22 02:40 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 20:27 . 2010-04-11 21:14 439816 ----a-w- c:\documents and settings\PROGRAMS\Application Data\Real\Update\setup3.10\setup.exe
2010-05-06 10:41 . 2006-05-07 01:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-05-07 01:24 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-18_20.31.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-20 23:36 . 2010-07-20 23:36 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
+ 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
+ 2010-07-05 21:37 . 2010-07-20 23:38 68448 c:\windows\system32\InetCntrl\Data\userpolicy.bin
- 2010-07-05 21:37 . 2010-07-18 20:04 68448 c:\windows\system32\InetCntrl\Data\userpolicy.bin
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-07-18 20:52 . 2010-07-18 20:52 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-07-18 20:58 . 2010-07-18 20:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-07-18 20:51 . 2010-07-18 20:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-07-18 20:51 . 2010-07-18 20:51 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-09-27 19:11 . 2010-06-11 02:06 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-07-18 20:49 . 2010-07-18 20:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-11 02:00 . 2010-06-11 02:00 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-11 02:00 . 2010-06-11 02:00 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
+ 2006-05-07 01:24 . 2010-07-18 20:50 604530 c:\windows\system32\perfh009.dat
+ 2006-05-07 01:24 . 2010-07-18 20:50 128340 c:\windows\system32\perfc009.dat
+ 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2008-09-27 19:11 . 2010-06-11 02:06 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-27 19:11 . 2010-06-11 02:06 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-27 19:11 . 2010-07-19 02:05 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-07-18 20:52 . 2010-07-18 20:52 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\548cf.msp
+ 2010-05-25 15:45 . 2010-05-25 15:45 8445440 c:\windows\Installer\12499d8.msp
+ 2010-07-01 02:52 . 2010-07-01 02:52 5522944 c:\windows\Installer\12499c4.msp
+ 2010-07-18 20:51 . 2010-07-18 20:51 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-07-18 20:52 . 2010-07-18 20:52 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-07-18 20:49 . 2010-07-18 20:49 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-23 02:27 . 2009-08-23 02:27 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-11 02:00 . 2010-06-11 02:00 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-09-21 13:54 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\548dc.msp
+ 2010-07-18 20:52 . 2010-07-18 20:52 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-07-18 20:51 . 2010-07-18 20:51 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
+ 2010-07-18 20:50 . 2010-07-18 20:50 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
- 2009-10-17 17:23 . 2009-10-17 17:23 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-16 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-16 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-16 94208]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-16 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-08 202256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"InetCntrl"="c:\windows\system32\InetCntrl\InetCntrl.exe" [2009-06-10 840944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\STUDENTS\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\palm\HOTSYNC.EXE [2009-5-4 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2009-5-4 299008]
PowerReg Scheduler.exe [2009-5-4 246784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Broderbund\\Kasparov Chess Windows\\KasparovChess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\ProENGINEER Schools Edition\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdController.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServer.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServices.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/7/2010 7:59 PM 64288]
R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [7/5/2010 5:37 PM 29024]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [9/16/2008 12:02 PM 352312]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 10:57 AM 135664]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 1:44 AM 69692]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [5/30/2007 5:34 PM 39424]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1352832]

--- Other Services/Drivers In Memory ---

*Deregistered* - BSafeFilter
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 14:57]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 14:57]

2008-09-16 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]

2010-07-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: InetCntrl0014.dll
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Schools%20Edition/i486_nt/obj/pvx_install.exe
DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/pviewieplugin.cab
DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} - hxxps://pds.ptc.com/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\InetCntrl0014.dll
.
Completion time: 2010-07-20 19:48:31
ComboFix-quarantined-files.txt 2010-07-20 23:48
ComboFix2.txt 2010-07-18 20:32

Pre-Run: 109,830,660,096 bytes free
Post-Run: 110,357,188,608 bytes free

- - End Of File - - A398368248B925891779A9E11A65B369

So . . how's it look?
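For a first read on a log like the one above, here is an added example of log triage; it is my code, not ComboFix's, OTL's, or anything posted by the thread's helpers. It parses the REGEDIT4-style "Reg Loading Points" section and flags the three things a reviewer checks first: Security Center override/monitoring values set to 1, Run entries ComboFix marked [X] (no file found behind them), and Run entries given as a bare filename instead of a full path. The embedded excerpt is constructed from the layout of the log above and is sample data only.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# log above (ComboFix's REGEDIT4-style layout). Sample data, not a capture.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg_points(text):
    """Return {registry_key: [(value_name, value_data), ...]} from the
    REGEDIT4-style block ComboFix prints under 'Reg Loading Points'."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key')
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group('name'), m.group('data')))
    return entries


def image_path(data):
    """Extract the quoted executable path from a Run value's data field."""
    if data.startswith('"'):
        return data.split('"')[1]
    parts = data.split()
    return parts[0] if parts else ''


def triage(entries):
    """Flag the items a reviewer wants to look at first:
    - Security Center suppression values set to 1 (alerting or monitoring
      turned off; some third-party suites set this legitimately, malware
      does too, so always confirm who set it)
    - Run/RunOnce entries ComboFix marked [X] (no file found behind them)
    - Run/RunOnce entries given as a bare filename rather than a full path
      (resolved through the PATH search order, so the launch is hijackable)
    Returns a list of (finding_kind, registry_key, value_name)."""
    findings = []
    for key, values in entries.items():
        key_l = key.lower()
        in_security_center = 'microsoft\\security center' in key_l
        is_run = key_l.endswith('\\run') or key_l.endswith('\\runonce')
        for name, data in values:
            if in_security_center and data.strip().lower() == 'dword:00000001':
                findings.append(('security-center-suppressed', key, name))
            if is_run:
                if data.rstrip().endswith('[X]'):
                    findings.append(('run-entry-file-missing', key, name))
                else:
                    path = image_path(data)
                    if ':\\' not in path and not path.startswith('%'):
                        findings.append(('run-entry-bare-filename', key, name))
    return findings


def summarize(findings):
    """Count findings per kind for a quick overview."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == '__main__':
    results = triage(parse_reg_points(SAMPLE_LOG))
    for kind, key, name in results:
        print(f'{kind:28} {name!r} in [{key}]')
    print(summarize(results))
```

Point it at the full section of a real log and the output is a short list to investigate by hand, not a verdict: a bare filename like bthprops.cpl is normal Windows, and a Security Center override is expected when a third-party suite owns the alerts, but each one should be explained before the machine is called clean.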

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 21 July 2010 - 05:55 PM

Hello, F Right.

Thanks for asking about the update to CF! *IF* we have to run it again (doubt it), go ahead and download the update at that time.

It's looking better, so let's update a few programs and run an antivirus scan for a second opinion.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 2

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



Step 3


Let's try running OTL again. Please delete your copy and start from scratch.

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
    • This is the first mirror
    • This is the second mirror: http://www.itxassociates.com/OT-Tools/OTL.exe
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
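Once the "Scan All Users" OTL report comes back, the next step in a thread like this is reading it for entries worth a second look. As an added example (not part of this thread, and not code from OTL or its author), here is a small Python triage pass over the OTL line shapes that appear in this thread; the `Entry` class, the flagging heuristics and the constructed sample lines are this example's own assumptions, and flagged entries are starting points for a human review, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Entry:
    kind: str                   # PRC, MOD, SRV, DRV or O4
    path: str
    company: Optional[str]      # "" when OTL printed "()", None when the line has no publisher field
    name: str = ""              # service/driver name, or Run value name for O4
    state: str = ""             # e.g. "Auto | Running" for SRV/DRV, the hive for O4
    missing: bool = False       # OTL printed "File not found"
    flags: List[str] = field(default_factory=list)


# Line shapes as they appear in the OTL 3.2.x logs posted in this thread (assumed stable).
FOUND_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
RUN_TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry; headers, blanks and unknown lines give None."""
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], None, m["name"], m["state"], missing=True)
    m = FOUND_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["company"], m["name"] or "", m["state"] or "")
    m = RUN_RE.match(line)
    if m:
        if m["rest"] == "File not found":
            return Entry("O4", "", None, m["name"], m["hive"], missing=True)
        t = RUN_TARGET_RE.match(m["rest"])
        if t:
            return Entry("O4", t["path"], t["company"], m["name"], m["hive"])
        return Entry("O4", m["rest"], None, m["name"], m["hive"])
    return None


def flag(entry: Entry) -> Entry:
    """Attach review flags. These heuristics are this example's own, not OTL's."""
    if entry.missing:
        entry.flags.append("file not found: orphaned or already-removed entry")
    elif entry.company == "":
        entry.flags.append("binary carries no publisher/version info")
    if "\\temp\\" in entry.path.lower():
        entry.flags.append("loads from a temp folder")
    if entry.kind == "DRV" and entry.company == "" and "Running" in entry.state:
        entry.flags.append("running kernel driver with no publisher")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse a whole OTL log and return only the entries that picked up a flag."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line.rstrip())
        if e is not None and flag(e).flags:
            flagged.append(e)
    return flagged


# Constructed sample: a handful of lines in the shapes seen in this thread's OTL report.
SAMPLE_LOG = r"""========== Processes (SafeList) ==========

PRC - [2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/05/22 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003..\Run: [Power2GoExpress] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<3} {e.name or e.path}: {'; '.join(e.flags)}")
```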
 


#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 26 July 2010 - 06:09 PM

Still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 F Right

F Right
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 PM

Posted 28 July 2010 - 03:09 PM

Sorry for the delay!

Etavares,

I have finished the last set of instructions. First I took care of Java and Adobe as instructed, then I ran OTL with the empty temp command and got the following txt after reboot:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HelpAssistant
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 10306 bytes
->Temporary Internet Files folder emptied: 615990 bytes
->Java cache emptied: 12169 bytes
->Flash cache emptied: 33283 bytes

User: Owner
->Temp folder emptied: 66383111 bytes
->Temporary Internet Files folder emptied: 23257911 bytes
->Java cache emptied: 10766625 bytes
->Flash cache emptied: 5264486 bytes

User: PROGRAMS
->Temp folder emptied: 640800 bytes
->Temporary Internet Files folder emptied: 6973035 bytes
->Java cache emptied: 72669004 bytes
->Flash cache emptied: 37399 bytes

User: STUDENTS
->Temp folder emptied: 38817742 bytes
->Temporary Internet Files folder emptied: 1054936321 bytes
->Java cache emptied: 89792473 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 2948851 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 16980377 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65276 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,327.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07272010_234542

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\WFV3.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF7E0C.tmp moved successfully.

Registry entries deleted on Reboot...

Next I created a new OTL report:

OTL logfile created on: 7/28/2010 12:10:17 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.15 Gb Total Space | 98.91 Gb Free Space | 69.58% Space Free | Partition Type: NTFS
Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.24% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.03 Gb Free Space | 94.39% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C30BE43EA5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/26 14:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2009/06/15 20:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/10 11:16:18 | 000,840,944 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
PRC - [2009/06/04 09:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/05 16:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\VXIPNP\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008/12/31 19:26:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/01 17:49:14 | 000,608,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2008/09/16 12:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/16 12:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2008/08/21 23:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 18:58:16 | 001,060,376 | ---- | M] () -- C:\Program Files\Labtec\WebCam10\WebCam10.exe
PRC - [2007/03/06 18:51:26 | 000,252,704 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/03/06 18:48:46 | 000,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/30 23:56:08 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2001/06/07 16:01:00 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/06/04 10:55:26 | 000,081,920 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\system32\InetCntrl\PopupKil\popuphuk.dll
MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/06 13:28:44 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/22 19:09:02 | 000,028,744 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\NiRioRpc.exe -- (NiRioRpc)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 20:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 09:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/05 16:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\VXIPNP\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/12/01 17:49:14 | 000,608,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/09/16 12:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2008/08/21 23:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2007/05/09 15:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/06 18:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/30 23:56:08 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/21 13:58:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2009/06/21 13:58:08 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2009/06/17 11:35:48 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2009/06/16 08:42:54 | 000,027,744 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niwdk.sys -- (niwdk)
DRV - [2009/06/14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2009/06/04 17:02:22 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2009/05/26 20:35:50 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2009/05/26 20:34:52 | 000,592,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2009/05/26 20:33:32 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2009/05/22 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009/04/01 15:31:02 | 000,022,608 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)
DRV - [2009/04/01 15:16:54 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2009/03/05 16:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2008/08/21 21:04:58 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2008/06/25 12:02:24 | 000,020,568 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2008/06/13 14:51:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2008/06/13 14:50:38 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2008/06/13 14:49:04 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/16 03:27:14 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/16 03:26:50 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/15 23:47:48 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/04 10:55:26 | 000,029,024 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\bsofrwl.sys -- (bsofrwl)
DRV - [2007/05/30 17:34:44 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2007/03/06 18:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/06 18:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 18:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/03/06 18:48:46 | 001,273,504 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/06 18:48:46 | 000,014,240 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/09/23 19:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/06/07 16:01:00 | 000,012,270 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/08 09:53:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/20 19:46:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Bsecure Popup Blocker) - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bsecure Popup Blocker) - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
O3 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe (Bsafe Online, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\Hotsync.exe (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\STUDENTS\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Palm\Hotsync.exe (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3919685091-1543033809-828186886-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Schools%20Edition/i486_nt/obj/pvx_install.exe (ProductView Express)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} http://www.platoweb.com/pathways/pway_iis....ab/pwlninst.cab (PWLNINST Control)
O16 - DPF: {EA982C26-97EC-11D5-ABBC-00B0D078911C} https://pds.ptc.com/Windchill/wtcore/jsp/wv...iewieplugin.cab (PViewIEPlugin Control)
O16 - DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} https://pds.ptc.com/Windchill/wtcore/jsp/wv...vercheck_ie.cab (pvvercheck_ie Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/24 20:42:48 | 000,000,000 | ---D | M] - C:\AUTOEXEC -- [ NTFS ]
O32 - AutoRun File - [2010/06/01 22:22:14 | 000,072,192 | ---- | M] () - F:\Autoimmune Disorders clipboard.doc -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 23:47:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/27 23:45:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/27 23:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/27 23:36:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 23:36:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 23:36:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 23:36:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/22 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.7.1
[2010/07/22 22:05:59 | 000,000,000 | ---D | C] -- C:\FRCJava
[2010/07/22 22:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/22 21:28:15 | 000,000,000 | ---D | C] -- C:\Packages
[2010/07/22 21:14:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cvirte
[2010/07/22 21:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\National Instruments
[2010/07/22 21:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IVI Foundation
[2010/07/22 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/07/18 18:56:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/18 16:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SECURITY PROGRAMS
[2010/07/18 16:10:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/18 16:04:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/18 16:04:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/18 16:04:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/18 16:04:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/18 16:04:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/18 16:04:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/18 08:56:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/09 17:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/07/07 20:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/07/07 19:59:25 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/07 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/07 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/07 18:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/07 18:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/05 17:37:40 | 000,039,424 | ---- | C] (BSafe Online) -- C:\WINDOWS\System32\drivers\BSafFltr.sys
[2010/07/05 13:44:33 | 014,510,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mpas-fe.exe
[2010/07/05 13:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\COMPUTER SECURITY
[2010/07/04 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/03 17:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/03 17:09:05 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/03 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 00:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/03 00:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/01 19:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/06/29 22:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 22:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 21:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Systenance
[2010/06/27 09:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VASCULITIS
[2010/06/20 16:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VITAMIN D
[2010/06/16 22:48:14 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\WINDOWS\System32\oestore.dll
[2010/06/16 22:48:14 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2010/06/15 17:52:04 | 000,215,040 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM93.DLL
[2010/06/15 17:51:56 | 000,200,704 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC610L.DLL
[2010/06/15 17:51:56 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC610O.DLL
[2010/06/15 17:51:56 | 000,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC610I.DLL
[2010/06/15 17:51:55 | 001,400,832 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC610C.DLL
[4 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/28 00:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/28 00:10:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/28 00:07:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/28 00:07:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/07/28 00:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/07/28 00:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/07/28 00:06:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 00:06:54 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 00:06:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 00:05:45 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/28 00:05:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/28 00:05:45 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/07/27 23:41:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/27 23:38:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/07/27 23:36:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/27 23:36:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 23:36:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 23:36:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/27 23:36:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 22:08:23 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job
[2010/07/27 20:26:19 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/07/27 19:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/25 23:03:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\STD tests.doc
[2010/07/25 22:53:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/24 20:13:08 | 003,205,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KDL-46EX500 owners manual.pdf
[2010/07/24 20:10:33 | 000,045,960 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/22 22:39:22 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/22 22:07:29 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetBeans IDE 6.7.1.lnk
[2010/07/22 22:04:21 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/07/22 21:26:20 | 000,005,807 | ---- | M] () -- C:\WINDOWS\System32\niorbmap
[2010/07/20 19:46:49 | 000,000,235 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/20 19:46:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/18 16:50:16 | 000,725,496 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/18 16:50:16 | 000,604,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/18 16:50:16 | 000,128,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/18 16:15:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/18 16:10:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/18 08:50:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/14 18:51:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 17:51:00 | 000,000,056 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/08 06:57:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/08 06:55:28 | 000,427,715 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Why we request you disable CD Emulation when receiving Malware Removal Advice.mht
[2010/07/07 20:37:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/07 18:58:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 13:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/06 12:20:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/05 22:13:34 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/07/05 13:44:43 | 014,510,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mpas-fe.exe
[2010/07/05 13:43:11 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows defender etc.doc
[2010/07/05 09:43:58 | 000,715,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Medical_Exposures_Fact_Sheet[1].pdf
[2010/07/04 16:49:57 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 09:49:01 | 000,012,217 | ---- | M] () -- C:\Program Files\hijackthis one
[2010/07/01 13:42:46 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\launch.xml
[2010/07/01 13:42:37 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\launcherData.xml
[2010/06/21 21:02:47 | 000,315,495 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beta-Blockers - Side Effects.mht
[2010/06/21 20:56:03 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Heart palpitations.doc
[2010/06/20 22:04:15 | 000,000,032 | ---- | M] () -- C:\WINDOWS\vb_mconf.ini
[2010/06/15 17:55:48 | 000,000,412 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/14 21:20:39 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\high school junior scholarships.doc
[2010/06/14 20:57:40 | 000,232,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ayn Rand Institute Essay Contests — Ayn Rand Novels.mht
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/12 12:11:28 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HDMI Card.doc
[2010/06/12 11:57:14 | 000,095,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ASUS Card Rebate Form.pdf
[2010/06/12 11:32:43 | 000,008,790 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DIY-PCI06.jpg
[2010/06/11 19:00:02 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 18:57:36 | 000,074,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RCTA Order Placed Order # 3527.mht
[2010/06/10 22:06:25 | 000,000,967 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 09:53:37 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/06/08 09:53:29 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/08 09:53:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/06/08 09:53:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/06/08 09:52:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/05/27 21:27:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\windows xp backup restore wizard.doc
[2010/05/22 20:36:33 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Sketchpad 5 Preferences.dat
[2010/05/22 20:27:46 | 085,665,699 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\InstallSketchpad.zip
[2010/05/22 20:17:56 | 000,184,924 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Geometer's Sketchpad single license.mht
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/06 06:41:53 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/05/06 06:41:52 | 005,950,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/05/06 06:41:52 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/05/06 06:41:52 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/05/06 06:41:52 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/05/06 06:41:52 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/05/06 06:41:51 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/05/06 06:41:51 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/05/06 06:41:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/05/06 06:41:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/05/06 06:41:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/05/06 06:41:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/05/06 06:41:50 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/05/06 06:41:50 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/05/06 06:41:50 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/05/06 06:41:49 | 011,076,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/05/06 06:41:48 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/05/06 06:41:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/05/06 06:41:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/05/02 20:58:17 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Take your temperature.doc
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[4 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 22:58:29 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\STD tests.doc
[2010/07/24 20:13:08 | 003,205,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KDL-46EX500 owners manual.pdf
[2010/07/22 22:07:29 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NetBeans IDE 6.7.1.lnk
[2010/07/22 21:08:58 | 000,005,807 | ---- | C] () -- C:\WINDOWS\System32\niorbmap
[2010/07/18 16:10:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/18 16:10:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/18 16:04:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/18 16:04:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/18 16:04:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/18 16:04:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/18 16:04:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/09 17:47:15 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/08 06:57:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/08 06:56:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/07/08 06:55:24 | 000,427,715 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Why we request you disable CD Emulation when receiving Malware Removal Advice.mht
[2010/07/07 20:18:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/07 20:04:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/07 18:58:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/05 17:37:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\InetCntrl0014.dll
[2010/07/05 13:41:57 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows defender etc.doc
[2010/07/05 13:39:00 | 000,715,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Medical_Exposures_Fact_Sheet[1].pdf
[2010/07/04 16:49:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 09:49:01 | 000,012,217 | ---- | C] () -- C:\Program Files\hijackthis one
[2010/07/03 09:43:11 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/06/29 22:32:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/24 17:58:01 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/06/24 17:58:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1008.job
[2010/06/21 21:02:46 | 000,315,495 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Beta-Blockers - Side Effects.mht
[2010/06/21 20:39:49 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Heart palpitations.doc
[2010/06/15 17:55:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/14 20:57:39 | 000,232,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ayn Rand Institute Essay Contests — Ayn Rand Novels.mht
[2010/06/14 20:47:59 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\high school junior scholarships.doc
[2010/06/12 11:57:14 | 000,095,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ASUS Card Rebate Form.pdf
[2010/06/12 11:55:29 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HDMI Card.doc
[2010/06/12 11:32:53 | 000,008,790 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DIY-PCI06.jpg
[2010/06/11 18:57:36 | 000,074,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RCTA Order Placed Order # 3527.mht
[2010/06/10 21:53:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\vb_mconf.ini
[2010/06/09 20:36:07 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/06/09 20:36:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1003.job
[2010/06/08 09:53:38 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/06/08 09:53:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3919685091-1543033809-828186886-1007.job
[2010/06/08 09:53:37 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/27 21:27:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\windows xp backup restore wizard.doc
[2010/05/22 20:27:43 | 085,665,699 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\InstallSketchpad.zip
[2010/05/22 20:17:55 | 000,184,924 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Geometer's Sketchpad single license.mht
[2010/05/02 09:28:43 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Take your temperature.doc
[2010/01/18 21:22:05 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/14 14:15:52 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2009/06/11 16:23:34 | 000,039,968 | ---- | C] () -- C:\WINDOWS\System32\LVWUtil32.dll
[2009/05/26 20:34:58 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2009/05/22 10:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2009/05/01 17:39:42 | 000,000,465 | ---- | C] () -- C:\WINDOWS\BMPLDraw.ini
[2009/04/28 21:25:28 | 000,007,436 | ---- | C] () -- C:\WINDOWS\LDraw.INI
[2009/04/22 12:09:00 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/04/21 14:22:11 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HIGHERG.INI
[2009/04/16 10:56:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/04/07 22:54:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2009/04/03 15:42:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/25 16:03:19 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2008/12/25 16:03:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2008/12/25 16:03:19 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2008/12/25 16:03:19 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2008/10/14 19:04:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2008/09/27 15:11:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 14:46:43 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Cosmos.ini
[2008/09/21 14:24:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/21 14:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/21 10:51:31 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/09/21 09:59:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\writtool.ini
[2008/09/16 20:15:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\mathadv2002.ini
[2008/09/16 20:14:47 | 000,000,211 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/09/16 20:11:03 | 000,000,226 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2008/09/16 20:05:21 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/09/16 20:03:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\gkv5univ.ini
[2008/09/16 20:03:43 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2008/09/16 20:03:43 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2008/09/10 15:46:46 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\tbbmalloc.dll
[2008/04/11 14:25:05 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/04/11 14:25:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008/04/11 14:24:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/06 18:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/07/01 03:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 21:24:27 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/06 21:24:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/06/26 15:08:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\HexactoConduit.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

And finally I ran the ESET OnlineScan:

It did find a couple of Trojans, and it quarantined them.

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ultra.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP584\A0165213.sys Win32/Olmarik.ZC trojan cleaned - quarantined

What’s next?


#11 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 28 July 2010 - 06:06 PM

Hello, F Right.

I thought we were done...but I saw something I didn't like in your OTL log. Might just be leftovers.

As for ESET, that's a good scan. It found something we already quarantined, and an inactive leftover in system restore we'll take care of when we clean up.

How is your computer running?



Step 1

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 F Right
  • Topic Starter
  • Members
  • 10 posts

Posted 29 July 2010 - 08:10 PM

etavares,

The computer seems to be running fine.

Here is the latest log (HA):

C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
Thu 07/29/2010 at 20:56:54.81

Account active Yes
Local Group Memberships

~~ Checking profile list ~~

S-1-5-21-3919685091-1543033809-828186886-1006
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

F Right
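The HAMeb_check log above is a fixed set of checks for the HelpAssistant/Mebroot pattern: is the HelpAssistant account enabled, does it own a profile, is the MBR intact, has termsrv32.dll been dropped, does the Terminal Services ServiceDll still point at termsrv.dll, and has anything been globally opened in the XP firewall. The following Python triage, which is an added example and not part of F Right's post or of the HAMeb_check tool, parses a log in that format and flags each indicator. The sample log is copied from the post above; the "dirty" variant, the severity levels and the verdict labels are my own constructed assumptions, not output of any real tool.

```python
import re

# Constructed sample: the HAMeb_check output posted in this thread.
SAMPLE_LOG = r"""C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
Thu 07/29/2010 at 20:56:54.81

Account active Yes
Local Group Memberships

~~ Checking profile list ~~

S-1-5-21-3919685091-1543033809-828186886-1006
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
"""

# Constructed "infected" variant (assumed wording, not real tool output): termsrv32.dll
# present, ServiceDll hijacked, and the MBR check no longer reporting OK.
DIRTY_LOG = (SAMPLE_LOG
             .replace("termsrv32.dll was not found", "termsrv32.dll was found")
             .replace(r"%SystemRoot%\System32\termsrv.dll", r"%SystemRoot%\System32\termsrv32.dll")
             .replace("user & kernel MBR OK", "user != kernel MBR !!!"))

# The only legitimate Terminal Services DLL on XP (compared case-insensitively).
EXPECTED_TERMSRV = r"%systemroot%\system32\termsrv.dll"


def split_sections(text):
    """Group log lines under their '~~ Heading ~~' markers; text before the first marker is 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = re.match(r"^~~\s*(.*?)\s*~~$", line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return a list of (severity, message) findings for one HAMeb_check log."""
    s = split_sections(text)
    findings = []

    header = "\n".join(s.get("header", []))
    if re.search(r"^Account active\s+Yes", header, re.M):
        findings.append(("info", "HelpAssistant account is enabled (disabled is the XP default unless Remote Assistance is used)"))

    profiles = [l for l in s.get("checking profile list", []) if l.startswith("S-1-5-21-")]
    if profiles:
        findings.append(("info", "HelpAssistant owns a local profile: " + ", ".join(profiles)))

    mbr = "\n".join(s.get("checking mbr", []))
    if "user & kernel MBR OK" not in mbr:
        findings.append(("high", "MBR check did not report OK; possible MBR rootkit"))

    term = "\n".join(s.get("checking for termsrv32.dll", []))
    if "termsrv32.dll was not found" not in term:
        findings.append(("high", "termsrv32.dll is present; the HelpAssistant/Mebroot variant drops this file"))
    m = re.search(r"^ServiceDll\s+\S+\s+(.+)$", term, re.M)
    if not m:
        findings.append(("medium", "termservice ServiceDll value missing from log"))
    elif m.group(1).strip().lower() != EXPECTED_TERMSRV:
        findings.append(("high", "termservice ServiceDll points to " + m.group(1).strip() + " instead of termsrv.dll"))

    # Each [..GloballyOpenPorts\List] key should be followed by no value lines at all.
    key, open_ports = None, []
    for line in s.get("checking firewall ports", []):
        if line.startswith("["):
            key = line
        elif line.strip() and key:
            open_ports.append((key, line.strip()))
    for key, entry in open_ports:
        findings.append(("medium", "globally open firewall port " + entry + " under " + key))
    return findings


def verdict(findings):
    """Collapse findings into one label; 'info' items alone do not make a machine suspicious."""
    sev = {s for s, _ in findings}
    if "high" in sev:
        return "active indicators"
    if "medium" in sev:
        return "review"
    return "no active indicators"


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed dirty log", DIRTY_LOG)):
        print(name, "->", verdict(triage(log)))
        for severity, msg in triage(log):
            print("  [%s] %s" % (severity, msg))
```

Run against the posted log it reports only the two informational items (account enabled, profile present), which is what etavares reacts to in the next post; the constructed variant trips all three high-severity checks. An enabled HelpAssistant account on its own is not proof of infection, so the verdict deliberately ignores "info" items.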



#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 29 July 2010 - 08:20 PM

Is there a reason the Help Assistant profile is enabled on your machine? (It's OK if you don't know what I'm asking). It doesn't look like you had the Mebroot Virus that takes advantage of a loophole with HA, but it may be taking up a lot of space.




#14 F Right

F Right
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:37 PM

Posted 30 July 2010 - 07:38 AM

Help Assistant profile ?

No, I don't know what it is, nor do I use it (at least I think I don't).

Should I turn it off?

F Right

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 30 July 2010 - 05:16 PM

Hello, F Right.
OK, go ahead and run this.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.



etavares

Edited by etavares, 30 July 2010 - 05:17 PM.






