
Need help with a google redirect/random pop up type virus


  • This topic is locked
16 replies to this topic

#1 shaollin

  • Members
  • 19 posts

Posted 01 August 2010 - 06:05 AM

Hello,

I am currently having problems with a virus/malware on my computer that sometimes (I would say one in four, approx.) redirects the new windows I open, after clicking on legitimate links, to weird sites that have nothing to do with my search. It will also occasionally pop up a screen without me having clicked anything while I am browsing a site like Facebook. It seems to have affected my Alt/Ctrl/Delete task screen as well. When I get the "your computer is infected with a virus" pop-up I always close my IE with Alt Ctrl Delete, which works, but the task screen itself does not have an [x] at the top right anymore and no command bar, so I have to move it off screen as it stays permanently in front of other windows.

I will include the dds, attach and ark files. Any help would be VERY appreciated!!!
Thanks,
Peter



DDS (Ver_10-03-17.01) - NTFSx86
Run by Peter Lavoie at 21:55:21.98 on 07/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.72 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/2/hi/business/default.stm
uInternet Connection Wizard,ShellNext = hxxp://www.hp.ca/nbaccess
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [yvehjcii] c:\documents and settings\peter lavoie\local settings\application data\votjpgfmi\gkjgxrptssd.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [yvehjcii] c:\documents and settings\peter lavoie\local settings\application data\votjpgfmi\gkjgxrptssd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peterl~1\applic~1\mozilla\firefox\profiles\uvmtigpb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2010-1-12 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2010-1-12 234888]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-5-10 67584]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-6 46824]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S1 CamdVideo;CamdVideo;c:\windows\system32\drivers\CamdVideo.sys [2010-2-4 5688]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [2010-2-4 23096]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]

=============== Created Last 30 ================

2010-07-24 03:00:41 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-03-19 03:50:20 0 ----a-w- c:\program files\temp01
2008-08-26 14:42:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 21:57:33.81 ===============
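The DDS "Pseudo HJT Report" above lists autorun entries (uRun = HKCU Run, mRun = HKLM Run) and browser helper registrations, and a malware-removal helper reads it looking for a few patterns: an autorun whose target sits inside a user profile's Application Data folder under a random-looking directory and file name, the same value name registered under both HKCU and HKLM, and BHO/TB entries whose DLL is reported as "No File". The script below is an added triage example written for this page; it is not part of the thread and is not a DDS, OTL or BleepingComputer tool. Its heuristics (the profile-folder rule, the vowel-ratio/consonant-run name check and the severity labels) are the editor's assumptions, and its sample input is a handful of lines copied from the log above. A flag means "look at this entry first", not a verdict on the file.

```python
"""Triage helper for the autorun section of a DDS log.

Added example for this page (not a DDS, OTL or BleepingComputer tool). It reads
lines in the format DDS prints under "Pseudo HJT Report" and flags the entries
a malware-removal helper would look at first. All heuristics below are the
editor's assumptions, not rules taken from the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the DDS log in the first post of this thread.
SAMPLE_REPORT = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [yvehjcii] c:\documents and settings\peter lavoie\local settings\application data\votjpgfmi\gkjgxrptssd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [yvehjcii] c:\documents and settings\peter lavoie\local settings\application data\votjpgfmi\gkjgxrptssd.exe
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
"""

RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOFILE_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<rest>.+) - No File$")
EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|scr|com|bat|cmd|pif|dll))(?:\s|$)", re.I)
# Windows XP per-user data folders. Assumption used as a heuristic: software
# installed for every user does not normally autorun from inside one profile.
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\(?P<tail>.+)$",
    re.I,
)


@dataclass
class Finding:
    severity: str   # "high" = inspect first, "low" = cleanup candidate
    line: str       # the report line that triggered the finding
    reason: str


def extract_target(cmd: str) -> str:
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd


def looks_random(token: str) -> bool:
    """Crude check for machine-generated names: almost no vowels, or a long
    run of consonants. Only applied to names under a profile folder, because
    legitimate short names (ctfmon, ...) would trip it on their own."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiou" else run + 1
        longest = max(longest, run)
    return vowels / len(letters) < 0.2 or longest >= 5


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    by_name = defaultdict(list)  # Run value name -> [(hive, line), ...]
    for raw in report.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            by_name[name.lower()].append((m.group("hive"), line))
            p = PROFILE_DATA_RE.search(extract_target(cmd))
            if p:
                parts = [t for t in p.group("tail").split("\\") if t]
                stems = [t.rsplit(".", 1)[0] for t in parts]
                odd = [s for s in stems if looks_random(s)]
                reason = "autorun target inside a user profile's Application Data folder"
                if odd:
                    reason += "; random-looking name(s): " + ", ".join(odd)
                findings.append(Finding("high", line, reason))
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(Finding(
                "low", line,
                f"{m.group('kind')} registered but its file is missing (orphaned entry)"))
    # The same value under both HKCU and HKLM Run is a persistence pattern worth a look.
    for name, hits in by_name.items():
        if {"uRun", "mRun"} <= {hive for hive, _ in hits}:
            findings.append(Finding(
                "high", hits[0][1],
                f"value [{name}] registered under both HKCU and HKLM Run"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity.upper():4}] {f.reason}\n        {f.line}")
```

Run against the sample, the script raises the two `yvehjcii` autoruns (profile-folder target with the random-looking names `votjpgfmi` and `gkjgxrptssd`) and the duplicate HKCU/HKLM registration as high, and the two "No File" BHO/TB entries as low; the Google, ctfmon and Synaptics entries pass untouched. Feed it the full Pseudo HJT section of a DDS log to get the same first-pass ordering for a real case.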



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 09 August 2010 - 11:32 AM

Hello shaollin. My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying; we are very busy at the moment.

Please note that because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop, where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log in your next reply.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • mbr.log
  • OTL.txt
  • Extra.txt

Thanks



#3 shaollin

  • Topic Starter
  • Members
  • 19 posts

Posted 10 August 2010 - 08:43 AM

Hi Syler,

Thanks a lot for the help. Here are the three logs you asked for:

mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82DFEEC5]<<
kernel: MBR read successfully
user & kernel MBR OK

OTL:
OTL logfile created on: 08/10/2010 9:26:19 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Lavoie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 13.27 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHPB
Current User Name: Peter Lavoie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/06/27 17:22:03 | 004,505,600 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 12:16:20 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/15 13:55:48 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CamdVideo.sys -- (CamdVideo)
DRV - [2010/01/15 13:55:44 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2009/12/14 10:07:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/05/10 11:04:57 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 06:02:36 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 10:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 10:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 10:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/31 06:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 06:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/18 12:52:16 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/08/11 19:30:00 | 000,039,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/business/default.stm
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010/05/20 13:40:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010/05/20 13:40:58 | 000,000,000 | ---D | M]

[2010/07/29 13:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions
[2009/09/03 13:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/12 16:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/09/09 00:44:33 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\searchplugins\search.xml
[2010/07/29 13:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 20:37:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/02/02 00:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/02/02 00:34:26 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/02/02 00:34:26 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/02/02 00:34:27 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/02/02 00:34:31 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/02/02 00:34:31 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/10/27 03:45:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [yvehjcii] C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\votjpgfmi\gkjgxrptssd.exe ()
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [yvehjcii] C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\votjpgfmi\gkjgxrptssd.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 01:38:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 09:25:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/07/28 16:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/23 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[26 C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp files -> C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/10 09:26:42 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{67A19C2B-264D-465C-A5FF-88451F48F699}.job
[2010/08/10 09:26:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/08/10 09:24:03 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/10 09:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 16:41:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 16:39:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/09 16:39:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 16:39:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 16:38:34 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/08 23:39:50 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.dat
[2010/08/08 23:39:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.ini
[2010/08/06 13:46:21 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Vanity fair alice.doc
[2010/08/03 23:32:56 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\23-29 AOUT.xls
[2010/08/03 23:32:42 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\16-22 aout.xls
[2010/08/03 23:32:29 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\9-15 aout.xls
[2010/07/31 21:58:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/31 17:23:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/29 01:21:26 | 000,736,768 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\2-8 aout.xls
[2010/07/22 12:28:53 | 000,259,072 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Doc2.doc
[2010/07/22 12:25:30 | 000,435,712 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 11:36:09 | 000,058,719 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\shaolin2.jpg
[2010/07/22 10:20:00 | 000,099,952 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:45 | 000,071,940 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:43 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Goal_Setting_Worksheet_00014_RES_v1-01.doc
[2010/07/14 09:49:43 | 000,102,926 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim-alpha21.jpg
[2010/07/14 09:48:16 | 000,066,699 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim_4.gif
[2010/07/14 09:47:09 | 000,053,332 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim-20.jpg
[2010/07/14 09:44:56 | 000,100,515 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\streetfighter_dhalsim_illust.png
[2010/07/14 09:43:57 | 000,207,954 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Dhalsim.jpg
[2010/07/14 09:43:54 | 000,022,468 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\SF062.jpg
[26 C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp files -> C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/10 09:24:22 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\mbr.log
[2010/08/10 09:24:03 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/06 13:46:24 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Vanity fair alice.doc
[2010/08/03 23:32:55 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\23-29 AOUT.xls
[2010/08/03 23:32:41 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\16-22 aout.xls
[2010/08/03 23:32:26 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\9-15 aout.xls
[2010/07/31 21:59:49 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.exe
[2010/07/31 21:58:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/29 01:21:25 | 000,736,768 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\2-8 aout.xls
[2010/07/22 12:28:53 | 000,259,072 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Doc2.doc
[2010/07/22 11:36:13 | 000,058,719 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\shaolin2.jpg
[2010/07/22 11:15:17 | 000,435,712 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 10:20:00 | 000,099,952 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:50 | 000,071,940 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Goal_Setting_Worksheet_00014_RES_v1-01.doc
[2010/07/14 09:50:07 | 000,066,699 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim_4.gif
[2010/07/14 09:50:00 | 000,102,926 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim-alpha21.jpg
[2010/07/14 09:47:46 | 000,207,954 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Dhalsim.jpg
[2010/07/14 09:47:38 | 000,022,468 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\SF062.jpg
[2010/07/14 09:47:29 | 000,053,332 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dhalsim-20.jpg
[2010/07/14 09:45:07 | 000,100,515 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\streetfighter_dhalsim_illust.png
[2009/10/26 11:37:04 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/26 11:37:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/26 11:37:04 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/26 11:37:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/21 13:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/08 10:03:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/19 16:08:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/08/29 01:20:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/05/08 16:20:07 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/24 17:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/01 23:22:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2005/10/01 23:22:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005/09/21 21:38:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/26 08:18:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/26 08:18:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/26 08:18:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/26 08:18:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/26 08:03:45 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/26 08:02:20 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/05 08:43:14 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[2003/05/21 02:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 01:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6BF312D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
< End of report >

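As an added example (it is not part of OTL and was not posted in this thread), here is a small Python script that applies the checks a helper makes by eye when reading the O4 and O32 lines of a log like the one above. It parses the OTL line layouts exactly as they appear in that log and scores each Run-key entry on signals that need no signature: the binary carries no company name, it lives under the profile's Local Settings / Application Data, its folder or file name is a run of consonants, the registry value no longer points at a file, and the same binary is registered in both HKLM and a user hive. The sample lines are a constructed copy of six lines from the log; the consonant-run threshold and the two-signal cutoff are assumptions chosen for illustration, and a hit means "look at this first", not "this is malware". The read-only autorun.inf directory in the O32 line is reported separately, because creating exactly such a folder is a known defence against USB autorun worms and is not evidence of infection on its own.

```python
# Added example: heuristic triage of OTL O4 (Run-key) and O32 (autorun.inf) lines.
import re

# Constructed sample: lines copied in the shape of the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [yvehjcii] C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\votjpgfmi\gkjgxrptssd.exe ()
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [yvehjcii] C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\votjpgfmi\gkjgxrptssd.exe ()
O32 - AutoRun File - [2010/05/09 01:38:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
"""

# O4 layout: "O4 - <hive>..\Run: [<value>] <path> (<company>)"  or  "... <path> File not found"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\)| File not found)$"
)
# O32 layout: "O32 - AutoRun File - [<date> | <size> | <attrs> | M] - <path> -- [ <fs> ]"
O32_RE = re.compile(r"^O32 - AutoRun File - \[(?P<meta>[^\]]+)\] - (?P<path>\S+) --")

# Directories an unprivileged XP user can write to; a payload dropped by a
# browser exploit typically lands here rather than under Program Files.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\", "\\appdata\\")
VOWELS = set("aeiouy")
RANDOM_RUN = 4       # assumption: 4+ consecutive consonants reads as machine-generated
SUSPICIOUS_AT = 2    # assumption: two independent signals before an entry is called out

def longest_consonant_run(token):
    """Length of the longest run of consonant letters (y counted as a vowel)."""
    run = best = 0
    for ch in token.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def analyse_o4(line):
    """Describe one Run-key entry and the signals against it; None if not an O4 line."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, path, company = m.group("hive", "name", "path", "company")
    parts = path.split("\\")
    folder, exe = parts[-2], parts[-1].rsplit(".", 1)[0]
    reasons = []
    if company is None:
        reasons.append("target missing on disk (orphan entry, often an uninstall leftover)")
    elif company == "":
        reasons.append("binary carries no company/publisher name")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    for token in (name, folder, exe):
        if longest_consonant_run(token) >= RANDOM_RUN:
            reasons.append(f"random-looking token {token!r}")
    return {"hive": hive, "name": name, "path": path, "company": company, "reasons": reasons}

def analyse_o32(line):
    """Describe an autorun.inf entry. A read-only *directory* of that name is a known
    vaccination trick against USB worms, so it is reported as context, not as evidence."""
    m = O32_RE.match(line)
    if not m:
        return None
    attrs = m.group("meta").split("|")[2].strip()   # e.g. "R--D": R = read-only, D = directory
    is_dir = attrs.endswith("D")
    note = ("read-only directory named autorun.inf at the drive root: the pattern USB-vaccination "
            "tools create; examine it, but do not assume infection"
            if is_dir else "autorun.inf file at the drive root: inspect its [autorun] section")
    return {"path": m.group("path"), "attrs": attrs, "is_dir": is_dir, "note": note}

def triage(log_text):
    """Parse every O4/O32 line and return the entries that crossed the cutoff."""
    lines = log_text.splitlines()
    entries = [e for e in map(analyse_o4, lines) if e]
    autorun = [a for a in map(analyse_o32, lines) if a]
    # The same binary registered under HKLM and a user hive earns a point of its own.
    hives = {}
    for e in entries:
        hives.setdefault(e["path"].lower(), set()).add(e["hive"])
    for e in entries:
        if len(hives[e["path"].lower()]) > 1:
            e["reasons"].append("same binary persisted in more than one hive")
    suspicious = [e for e in entries if len(e["reasons"]) >= SUSPICIOUS_AT]
    return {"entries": entries, "suspicious": suspicious, "autorun": autorun}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["suspicious"]:
        print(f"[{e['hive']}] {e['name']} -> {e['path']}")
        print("    " + "; ".join(e["reasons"]))
    for a in report["autorun"]:
        print(f"{a['path']} ({a['attrs']}): {a['note']}")
```

Run as-is it prints only the entries that crossed the cutoff, each with its reasons, plus the autorun.inf note; triage() returns the full parsed list so the thresholds can be tuned or the other O-line types added the same way.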


#4 shaollin (Topic Starter)

Posted 10 August 2010 - 08:44 AM

... and finally extras (I wasn't able to post everything in one reply):

EXTRAS:
OTL Extras logfile created on: 08/10/2010 9:26:19 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Lavoie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 109.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 13.27 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHPB
Current User Name: Peter Lavoie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat -- (Havas Interactive)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 20
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = TIxx21
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}" = OpenOffice.org 2.0
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"CobBackup10" = Cobian Backup 10
"Compaq Presario r4000 User Guides" = Compaq Presario r4000 User Guides
"Conexant PCI Audio" = Conexant AC-Link Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XobniMain" = Xobni
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZHCIELangPack" = Chinese (Simplified) Language Support

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.0

========== Last 10 Event Log Errors ==========



#5 shaollin
  • Topic Starter
  • Members
  • 19 posts

Posted 10 August 2010 - 08:49 AM

For some reason the last part of extras does not post. I'll attach it to this message instead. I kept getting connection failure pages even though my internet connection is functional.

Thanks again for the help,
Shaollin

Attached Files



#6 syler
  • Malware Response Team
  • 8,150 posts
  • Location:Warrington, UK

Posted 10 August 2010 - 12:27 PM

Hi shaollin,

You're welcome for the help. The reason you are having problems posting the logs is most likely because of the malware; if you have any more problems, just attach them instead.

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If any suspicious items are found, let it skip them for now
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then please post back here with the following logs:
  • TDSSKiller log
  • Malwarebytes log

Thanks


#7 shaollin
  • Topic Starter
  • Members
  • 19 posts

Posted 12 August 2010 - 11:59 AM

Hello again,

Here are the TDSSKiller and Mbam logs:
TDSS:
2010/08/10 23:25:49.0265 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/10 23:25:49.0265 ================================================================================
2010/08/10 23:25:49.0265 SystemInfo:
2010/08/10 23:25:49.0265
2010/08/10 23:25:49.0265 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/10 23:25:49.0265 Product type: Workstation
2010/08/10 23:25:49.0265 ComputerName: FRESHPB
2010/08/10 23:25:49.0265 UserName: Peter Lavoie
2010/08/10 23:25:49.0265 Windows directory: C:\WINDOWS
2010/08/10 23:25:49.0265 System windows directory: C:\WINDOWS
2010/08/10 23:25:49.0265 Processor architecture: Intel x86
2010/08/10 23:25:49.0265 Number of processors: 1
2010/08/10 23:25:49.0265 Page size: 0x1000
2010/08/10 23:25:49.0265 Boot type: Normal boot
2010/08/10 23:25:49.0265 ================================================================================
2010/08/10 23:25:49.0515 Initialize success
2010/08/10 23:26:02.0796 ================================================================================
2010/08/10 23:26:02.0796 Scan started
2010/08/10 23:26:02.0796 Mode: Manual;
2010/08/10 23:26:02.0796 ================================================================================
2010/08/10 23:26:03.0500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/10 23:26:03.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/10 23:26:03.0859 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/10 23:26:03.0953 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/10 23:26:04.0187 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/10 23:26:04.0234 AmdK8 (289ba732f46760e1578b719f15a750c2) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/08/10 23:26:04.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\AmdK8.sys. Real md5: 289ba732f46760e1578b719f15a750c2, Fake md5: 15370e052ada5114896fc3af764f5f2f
2010/08/10 23:26:04.0250 AmdK8 - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/10 23:26:04.0359 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/10 23:26:04.0546 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/10 23:26:04.0625 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/10 23:26:04.0781 ati2mtag (2fbdfec8cd60cec3d55e615865333033) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/10 23:26:04.0937 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/10 23:26:05.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/10 23:26:05.0109 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/10 23:26:05.0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/10 23:26:05.0250 BTWUSB (e6bcc8cd48a7bb9c83ea1536fcff0fd1) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/08/10 23:26:05.0328 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
2010/08/10 23:26:05.0390 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
2010/08/10 23:26:05.0562 CamdAudio (09a451491b3e561da09032c059ab3e3c) C:\WINDOWS\system32\drivers\CamdAudio.sys
2010/08/10 23:26:05.0625 CamdVideo (95d8c69340e0fdb33eec4f7524bd494b) C:\WINDOWS\system32\DRIVERS\CamdVideo.sys
2010/08/10 23:26:05.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/10 23:26:05.0875 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/10 23:26:06.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/10 23:26:06.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/10 23:26:06.0296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/10 23:26:06.0484 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/10 23:26:06.0625 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/10 23:26:07.0000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/10 23:26:07.0125 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/10 23:26:07.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/10 23:26:07.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/10 23:26:07.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/10 23:26:07.0625 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/10 23:26:07.0703 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
2010/08/10 23:26:07.0765 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
2010/08/10 23:26:07.0953 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/10 23:26:08.0187 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/10 23:26:08.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/10 23:26:08.0359 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/10 23:26:08.0406 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/10 23:26:08.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/10 23:26:08.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/10 23:26:08.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/10 23:26:08.0703 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/10 23:26:08.0781 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/10 23:26:08.0859 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/10 23:26:08.0984 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/10 23:26:09.0031 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/10 23:26:09.0078 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/10 23:26:09.0140 HSFHWATI (13d4b70bf2f9bc550e9079da864d3ec1) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
2010/08/10 23:26:09.0218 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/10 23:26:09.0343 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/10 23:26:09.0500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/10 23:26:09.0562 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/10 23:26:09.0640 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/10 23:26:09.0703 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/10 23:26:09.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/10 23:26:09.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/10 23:26:09.0890 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/10 23:26:09.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/10 23:26:10.0046 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/10 23:26:10.0093 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/10 23:26:10.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/10 23:26:10.0203 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/10 23:26:10.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/10 23:26:10.0437 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/08/10 23:26:10.0500 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/10 23:26:10.0546 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/10 23:26:10.0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/10 23:26:10.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/10 23:26:10.0765 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/10 23:26:10.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/10 23:26:10.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/10 23:26:10.0968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/10 23:26:11.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/10 23:26:11.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/10 23:26:11.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/10 23:26:11.0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/10 23:26:11.0187 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/10 23:26:11.0234 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/10 23:26:11.0281 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/10 23:26:11.0328 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/10 23:26:11.0406 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/10 23:26:11.0468 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/10 23:26:11.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/10 23:26:11.0593 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/10 23:26:11.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/10 23:26:11.0703 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/10 23:26:11.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/10 23:26:11.0828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/10 23:26:11.0921 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/10 23:26:11.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/10 23:26:12.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/10 23:26:12.0140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/10 23:26:12.0203 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/10 23:26:12.0250 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/10 23:26:12.0328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/10 23:26:12.0421 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/10 23:26:12.0484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/10 23:26:12.0546 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/10 23:26:12.0609 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/10 23:26:12.0703 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/10 23:26:12.0781 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/10 23:26:13.0093 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2010/08/10 23:26:13.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/10 23:26:13.0250 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/10 23:26:13.0312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/10 23:26:13.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/10 23:26:13.0437 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/10 23:26:13.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/10 23:26:13.0703 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/10 23:26:13.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/10 23:26:13.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/10 23:26:13.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/10 23:26:13.0937 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/10 23:26:13.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/10 23:26:14.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/10 23:26:14.0140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/10 23:26:14.0312 RTL8023xp (1e7978c5e355407efdfc7b7328ef13e7) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/08/10 23:26:14.0437 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/10 23:26:14.0484 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/10 23:26:14.0671 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/10 23:26:14.0734 se59bus (7c38fc284136981ebe002252fa0900d3) C:\WINDOWS\system32\DRIVERS\se59bus.sys
2010/08/10 23:26:14.0796 se59mdfl (3ced539f4373ccf8d3fe71ae51053d5d) C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
2010/08/10 23:26:14.0843 se59mdm (c6a6aa039d14f2ea1998e5f922014067) C:\WINDOWS\system32\DRIVERS\se59mdm.sys
2010/08/10 23:26:14.0921 se59mgmt (7eecfa334292b1cd8de4990b63e02360) C:\WINDOWS\system32\DRIVERS\se59mgmt.sys
2010/08/10 23:26:14.0953 se59nd5 (555895a241611c59ce057c42bc8b6e85) C:\WINDOWS\system32\DRIVERS\se59nd5.sys
2010/08/10 23:26:15.0015 se59obex (729dfa6451b7356834bfa6faec9e3092) C:\WINDOWS\system32\DRIVERS\se59obex.sys
2010/08/10 23:26:15.0078 se59unic (5f453e3e797dbeefe35869dc0239effa) C:\WINDOWS\system32\DRIVERS\se59unic.sys
2010/08/10 23:26:15.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/10 23:26:15.0234 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/10 23:26:15.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/10 23:26:15.0375 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/08/10 23:26:15.0484 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/10 23:26:15.0546 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/08/10 23:26:15.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/10 23:26:15.0718 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/10 23:26:15.0796 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/10 23:26:15.0890 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/10 23:26:15.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/10 23:26:15.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/10 23:26:16.0171 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/10 23:26:16.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/10 23:26:16.0359 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/10 23:26:16.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/10 23:26:16.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/10 23:26:16.0562 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/10 23:26:16.0671 tifm21 (2448935e1cf84b0341a24a17908c7311) C:\WINDOWS\system32\drivers\tifm21.sys
2010/08/10 23:26:16.0734 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/08/10 23:26:16.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/10 23:26:17.0000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/10 23:26:17.0093 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/10 23:26:17.0156 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/10 23:26:17.0218 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/10 23:26:17.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/10 23:26:17.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/10 23:26:17.0343 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/10 23:26:17.0406 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/10 23:26:17.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/10 23:26:17.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/10 23:26:17.0593 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/10 23:26:17.0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/10 23:26:17.0734 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/10 23:26:17.0796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/10 23:26:17.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/10 23:26:17.0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/10 23:26:18.0078 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/10 23:26:18.0281 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/10 23:26:18.0328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/10 23:26:18.0406 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
2010/08/10 23:26:18.0500 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
2010/08/10 23:26:18.0671 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
2010/08/10 23:26:18.0750 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
2010/08/10 23:26:18.0859 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
2010/08/10 23:26:18.0984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/10 23:26:19.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/10 23:26:19.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/10 23:26:19.0437 ================================================================================
2010/08/10 23:26:19.0437 Scan finished
2010/08/10 23:26:19.0437 ================================================================================
2010/08/10 23:26:19.0453 Detected object count: 1
2010/08/10 23:26:38.0906 AmdK8 (289ba732f46760e1578b719f15a750c2) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/08/10 23:26:38.0906 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\AmdK8.sys. Real md5: 289ba732f46760e1578b719f15a750c2, Fake md5: 15370e052ada5114896fc3af764f5f2f
2010/08/10 23:26:43.0578 Backup copy not found, trying to cure infected file..
2010/08/10 23:26:43.0578 Cure success, using it..
2010/08/10 23:26:43.0609 C:\WINDOWS\system32\DRIVERS\AmdK8.sys - will be cured after reboot
2010/08/10 23:26:43.0609 Rootkit.Win32.TDSS.tdl3(AmdK8) - User select action: Cure
2010/08/10 23:26:49.0328 Deinitialize success


MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4419

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/11/2010 11:24:16 AM
mbam-log-2010-08-11 (11-24-16).txt

Scan type: Quick scan
Objects scanned: 164643
Time elapsed: 39 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvehjcii (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvehjcii (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\votjpgfmi\gkjgxrptssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter Lavoie\Local Settings\temp\264.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter Lavoie\Local Settings\temp\6B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter Lavoie\Local Settings\temp\hqvL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



Thanks,
Shaollin

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:35 AM

Posted 13 August 2010 - 04:36 AM

That's looking a bit better. Can you tell me how the computer is running now? Please run a scan with
OTL again, then post back with the new log. Thanks.



#9 shaollin

shaollin
  • Topic Starter

  • Members
  • 19 posts
  • Local time:06:35 AM

Posted 15 August 2010 - 05:49 PM

Hi Syler,

I haven't had one redirect/pop-up since the last sweep, although I haven't had time to use my computer that much. Here is a summary of things I noticed:
- My Explorer and Firefox have become painfully slow since we started running these anti-malware tools. I have to say my computer is getting old and part of it may be attributed to this, but even with the pop-ups internet browsing seemed faster. Now it's like there is always at least a small delay every time I want to do something (click on a link, Google search, etc.). Minimizing windows and opening them takes a long time as well (even with only two or three windows/programs open).
- The ctrl/alt/del window still does not have the upper part of the window (no menu bar or quick close/minimize squares on the top right), so I can't close it when I open the window.
- Two reboots ago (after doing the last operation) my computer rebooted with a different Windows color scheme (classic blue instead of my customized silver).

I ran OTL again without the customized scans/fixes and only got an OTL report (no Extras). Here it is:

OTL logfile created on: 08/15/2010 6:22:08 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Lavoie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 8.00 Mb Available Physical Memory | 1.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 12.73 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHPB
Current User Name: Peter Lavoie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/06/27 17:22:03 | 004,505,600 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 12:16:20 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2010/08/10 23:27:54 | 000,039,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/15 13:55:48 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CamdVideo.sys -- (CamdVideo)
DRV - [2010/01/15 13:55:44 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2009/12/14 10:07:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/05/10 11:04:57 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 06:02:36 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 10:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 10:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 10:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/31 06:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 06:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/18 12:52:16 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/business/default.stm
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 08:30:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 08:30:41 | 000,000,000 | ---D | M]

[2010/08/14 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Extensions
[2010/07/29 13:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions
[2009/09/03 13:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/12 16:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/09/09 00:44:33 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\searchplugins\search.xml
[2010/08/14 08:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 20:37:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/10/27 03:45:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 01:38:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 11:03:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/11 10:25:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/11 10:25:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/11 10:23:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Lavoie\Desktop\mbam-setup-1.46.exe
[2010/08/10 23:25:45 | 001,197,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Peter Lavoie\Desktop\TDSSKiller.exe
[2010/08/10 09:25:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/07/28 16:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/23 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[26 C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp files -> C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 18:25:22 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/15 18:21:07 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{67A19C2B-264D-465C-A5FF-88451F48F699}.job
[2010/08/15 18:16:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 18:15:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 18:15:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 18:15:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 18:14:34 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 15:12:49 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.dat
[2010/08/14 15:12:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.ini
[2010/08/14 08:17:01 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 13:42:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 13:41:07 | 000,000,731 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 13:37:36 | 000,519,190 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 13:37:36 | 000,453,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 13:37:36 | 000,076,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 10:25:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 10:23:59 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Lavoie\Desktop\mbam-setup-1.46.exe
[2010/08/10 23:27:54 | 000,039,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2010/08/10 23:25:24 | 001,132,196 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\tdsskiller.zip
[2010/08/10 14:49:18 | 001,197,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Peter Lavoie\Desktop\TDSSKiller.exe
[2010/08/10 10:40:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/08/10 09:24:03 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/06 13:46:21 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Vanity fair alice.doc
[2010/08/03 23:32:56 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\23-29 AOUT.xls
[2010/08/03 23:32:42 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\16-22 aout.xls
[2010/08/03 23:32:29 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\9-15 aout.xls
[2010/07/31 21:58:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/31 17:23:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/29 01:21:26 | 000,736,768 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\2-8 aout.xls
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 12:28:53 | 000,259,072 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Doc2.doc
[2010/07/22 12:25:30 | 000,435,712 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 11:36:09 | 000,058,719 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\shaolin2.jpg
[2010/07/22 10:20:00 | 000,099,952 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:45 | 000,071,940 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:43 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Goal_Setting_Worksheet_00014_RES_v1-01.doc
[26 C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp files -> C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 10:25:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 23:25:21 | 001,132,196 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\tdsskiller.zip
[2010/08/10 09:24:22 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\mbr.log
[2010/08/10 09:24:03 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/06 13:46:24 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Vanity fair alice.doc
[2010/08/03 23:32:55 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\23-29 AOUT.xls
[2010/08/03 23:32:41 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\16-22 aout.xls
[2010/08/03 23:32:26 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\9-15 aout.xls
[2010/07/31 21:59:49 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.exe
[2010/07/31 21:58:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/29 01:21:25 | 000,736,768 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\2-8 aout.xls
[2010/07/22 12:28:53 | 000,259,072 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Doc2.doc
[2010/07/22 11:36:13 | 000,058,719 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\shaolin2.jpg
[2010/07/22 11:15:17 | 000,435,712 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 10:20:00 | 000,099,952 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:50 | 000,071,940 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\Goal_Setting_Worksheet_00014_RES_v1-01.doc
[2009/10/26 11:37:04 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/26 11:37:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/26 11:37:04 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/26 11:37:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/21 13:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/08 10:03:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/19 16:08:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/08/29 01:20:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/05/08 16:20:07 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/24 17:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/01 23:22:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2005/10/01 23:22:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005/09/21 21:38:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/26 08:18:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/26 08:18:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/26 08:18:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/26 08:18:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/26 08:03:45 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/26 08:02:20 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/05 08:43:14 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[2003/05/21 02:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6BF312D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
< End of report >



Thanks a lot for your time and help!
Shaollin

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:35 AM

Posted 16 August 2010 - 07:54 AM

Hi shaollin,

QUOTE
The ctr/alt/del window still does not have the upper part of the window ( no menu bar or quick close/minimize squares on top right) so I can't close it when I open the window


If you double click on the edge around task manager, this should bring the menu bar back.


Your logs are showing that you have 26 .tmp files on your desktop; can you tell me if you know what these are for?


Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Edited by syler, 16 August 2010 - 07:56 AM.



#11 shaollin

shaollin
  • Topic Starter

  • Members
  • 19 posts
  • Local time:06:35 AM

Posted 16 August 2010 - 08:44 PM

Hey Syler,

Your ctr/alt/delete advice worked like a charm. Also, I've been using my explorer/google more and my cpu is faster than the last few days which is awesome and there have been no redirects or pop ups either. I don't know what those temporary files were for on my desktop but I deleted all my internet temp files/history/cookies in case it was related to that.

Here is the Rootkit Unhooker report:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x82FCA660 [4] System
0x82B00800 [176] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company, hp Wireless Assistant Module)
0x82D77650 [192] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co., Hewlett-Packard Product Assistant)
0x82B765E8 [208] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc., TouchPad Driver Helper Application)
0x82CA93B0 [212] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x82AE5318 [232] C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard , Quick Launch Buttons)
0x82D1BC00 [308] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x82AF5DA0 [392] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation, .NET Runtime Optimization Service)
0x82BA9560 [444] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82BCCA38 [500] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x82D16DA0 [536] C:\Program Files\DivX\DivX Update\DivXUpdate.exe (-, DivX Update)
0x82895020 [568] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x82BA8DA0 [632] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x82EBA870 [660] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x82CBE020 [680] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x82B6C2A0 [704] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x82B2ADA0 [724] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x829F9BF8 [788] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
0x8287F020 [864] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x82A977A0 [892] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82AE66A0 [984] C:\Program Files\Xobni\XobniService.exe (Xobni Corporation, XobniService)
0x82AD4488 [1004] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82E7E500 [1064] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82E6DDA0 [1112] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82D89460 [1172] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x82D8C020 [1184] C:\Program Files\AskBarDis\bar\bin\AskService.exe
0x82B292C0 [1216] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82CB32E0 [1268] C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
0x82AFD020 [1292] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x82892590 [1328] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82EB32B0 [1336] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x82AD7DA0 [1348] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x82A95DA0 [1396] C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian, Cobian Backup Boletus VSC service)
0x82BC6AB0 [1476] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82CBC660 [1516] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (-, -)
0x82CE33F8 [1704] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x82B89DA0 [1768] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x82B421B0 [1820] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x82CC0DA0 [1840] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc., ATI Desktop Control Panel)
0x82B9BDA0 [1948] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x82AFEA58 [2000] C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group, pg_ctl - starts/stops/restarts the PostgreSQL server)
0x82BC27A8 [2336] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82B51320 [2468] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82B14DA0 [2476] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82CF3160 [2484] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82BD1DA0 [2492] C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group, PostgreSQL Server)
0x82BDEDA0 [2664] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x82BDF5E8 [2672] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x82BB0B28 [2952] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x82D756A0 [3104] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x82DA6B28 [3324] C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P., hpqwmi Module)
0x825CDB50 [3656] C:\Documents and Settings\Peter Lavoie\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x82AD0898 [4088] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
==============================================
>Drivers
==============================================
0xBF0B1000 C:\WINDOWS\System32\ati3duag.dll 2297856 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF79A6000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1073152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF76CB000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF761F000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2E2000 C:\WINDOWS\System32\ativvaxx.dll 610304 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF83CD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEF37A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEF22E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF7599000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF78C1000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xEF481000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7D31000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF781E000 C:\WINDOWS\system32\drivers\camc6hal.sys 348160 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7965000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 241664 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF04D000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF07F000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF77C9000 C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 200704 bytes (Conexant Systems, Inc., HSFHWATI WDM driver)
0xF791C000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF84F7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8120000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF83A0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7372000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF3EA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF459000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7899000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xEF354000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF77FA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF796E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF794B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF437000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEF415000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8471000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84A9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF84C8000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF8386000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8491000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEF216000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7C29000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF845A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7608000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB835B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7885000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF7992000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF4DA000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7873000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF84E6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF75F7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8886000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7AFC000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8636000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF86A6000 serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7B1C000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 61440 bytes
0xF7AAC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7AEC000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB84C8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF87B6000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8646000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8686000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7ADC000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8716000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8666000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8746000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8806000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7B0C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8656000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8736000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7ABC000 C:\WINDOWS\system32\drivers\camc6aud.sys 40960 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xF8626000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8786000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8696000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8776000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8676000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8826000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8756000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF87E6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB749D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8816000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF89FE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF88D6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF89DE000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF88E6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF88A6000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF89E6000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF89EE000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF89F6000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88DE000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF8A2E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88CE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF88AE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8A0E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8A16000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8A06000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF89D6000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF8906000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A3E000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8B1A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8349000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB867C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8A42000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8A36000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8A3A000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF8B0E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8ACA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7F48000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF8ACE000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8B1E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7D0B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8B12000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7D03000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF8B2E000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8B6E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B80000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B74000 C:\WINDOWS\system32\drivers\EABFiltr.sys 8192 bytes (Hewlett-Packard Company, QLB PS/2 Keyboard filter driver)
0xF8B6C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B2A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8B26000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B70000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B72000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B66000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B64000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B2C000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8B28000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8CA3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8CA9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8CB8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BEF000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8BEE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x00A10000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x82A95DA0 ] PID: 1396, 126976 bytes
0x03360000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x82AE66A0 ] PID: 984, 126976 bytes
0x00DC0000 Hidden Image-->CobStringList.dll [ EPROCESS 0x82A95DA0 ] PID: 1396, 28672 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\9zr18t1k[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\;test=;ord=229700000000;[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\ajax[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\favcenter[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\favicon[2].ico
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\Flixster-RT_app_728x90[1].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\jquery-ui-1.7.2[1].css
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\jquery.min[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\plugins.combined.min[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\p_751550281=0[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\p_751550281=135[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\p_751550281=147[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\p_751550281=160[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\HSWWFIH3\scripts[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\10236430_ori[1].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\55TV-Adaptations[1].gif
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\ads[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\ads[2].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\centralnotice[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\content_header[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\corner_contentAbstractTertiary_green_1[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\corner_contentAbstractTertiary_green_2[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\jolie_small[1].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\MobileRedirect[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\mwsuggest[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\p_751550281=0[2].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\p_751550281=136[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\p_751550281=148[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\p_751550281=161[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\rottentomatoes_com[1].htm
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\tabswelcome[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\tools[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\top[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\NJVSF42H\wikibits[1].js
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\2ZAOU_5fGdQJ[1].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\41706_1171517245_6985_q[1].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\;test=;ord=229700000000;[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\background[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\button_submitBtn_bg_left[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\download_now_btn[1].gif
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\left_full[1].gif
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\nav_outside_2[1].gif
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\opensearch_desc[1].php
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\popup_dialog_top[1].gif
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\p_751550281=0[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\p_751550281=132[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\p_751550281=143[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\p_751550281=155[1].txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\safe_image[2].jpg
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\scripts[1]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\scripts[2]
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\PJ3OAGWU\search-fade[1].png
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\Local Settings\temp\Google Toolbar\GoogleToolbarWelcome.log::$DATA
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\01 - Fainting Spells.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\02 - Celestica.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\03 - Doe Deer.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\04 - Baptism.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\05 - Year of Silence.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\06 - Empathy.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\07 - Suffocation.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\08 - Violent Dreams.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\09 - Vietnam.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\10 - Birds.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\11 - Pap Smear.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\12 - Not In Love.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\13 - Intimate.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\14 - I Am Made of Chalk.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles - Crystal Castles [2010]\Torrent downloaded from Demonoid.com.txt
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\01 Untrust Us.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\02 Alice Practice.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\03 Crimewave.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\04 Magic Spells.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\05 Xxzxcuzx Me.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\06 Air War.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\07 Courtship Dating.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\08 Good Time.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\09 1991.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\10 Vanished.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\11 Knights.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\12 Love and Caring.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\13 Through the Hosiery.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\14 Reckless.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\15 Black Panther.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Crystal Castles\16 Tell Me What to Swallow.mp3
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\01 - Introduction.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\02 - The Anthem.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\03 - Chop Your Hands.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\04 - Relax In Mui Ne.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\05 - Naughty Hottie (Interlude).flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\06 - Eat Dog.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\07 - Last Tango In Saigon.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\08 - Apocalypse Now.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\09 - I Wanna Go Back.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\10 - Full Backpack.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\11 - War.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\12 - Lesson With The Master.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\13 - Dark Sea.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\14 - Phuoc Dat (Interlude).flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\15 - Boundless Boundaries.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\16 - What Up Duyet.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\17 - Welcome To Viet Nam.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\18 - Here Come The Flutes.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\19 - The Vallee Of Love.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\20 - Smoking Buddha.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\21 - Clap Clap.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\22 - Bounce (Interlude).flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\23 - Live From Hue.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\24 - Where's My Longan.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\25 - Take A Ride.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\26 - Raw.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\27 - The Ritual.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\28 - Cymbal Oelek.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\29 - The Third Sword (Interlude).flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\30 - One Day.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\31 - They Got Breaks Too.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\32 - Hope.flac
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\Chinoiseries.cue
!-->[Hidden] C:\Documents and Settings\Peter Lavoie\My Documents\Azureus Downloads\Onra - Chinoiseries\Chinoiseries.log
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\61738489a56efe12589e18fce2795c31\Antlr3.Runtime.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index223.dat
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index224.dat
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\5019705bb988c3e8cc52a52a89fa20ed\Interop.shdocvw.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\b0ed8fdbdcd02718954acea772b4f9e0\Interop.XobniRdo.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.XobniSkype\7d061ac0096683d1529eb174a582ac20\Interop.XobniSkype.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\92a29f895ad9ad7cb8685ee7b5f4703a\Microsoft.Office.Interop.Word.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\ab794ac4cd066f39846b816f5f821a97\Microsoft.Office.Interop.Outlook.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\0464245ed28fdef2c8cd006c16dfce87\Microsoft.Vbe.Interop.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\04ff1e20c552d6b00cabe617259c65a7\Newtonsoft.Json.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\5d421658b501aa6dc885b352ed9b12ee\office.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\3edff41aadc6608b307c48c62f8bac1c\stdole.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\97f57adc1d201762b27936ec780aa1db\System.Data.SQLite.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\bd2ad25a1814698031f7f83165edfb28\System.Data.SQLite.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Utilities\aedacc11da8f11075a7f157aad93315c\Utilities.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\24f2545988531f0a8337e6e9e6e284e3\Xobni.XMapiAccessor.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniCommon\3d59b269b8f96ce71442cefc4c4546c4\XobniCommon.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniCommon\c59c8d8b0b1958b43e1bb00c8be42526\XobniCommon.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniFeeds\23f196b6549cbadceb87d41b876608ac\XobniFeeds.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniFeeds\c9f997c802cd0382566a19a99fa8d4f6\XobniFeeds.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\4cd8cf661ecd0b3ebf0eef9c38126dd9\XobniPluginAPI.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\79525dbd4cb182be082e983d57931dbf\XobniPluginAPI.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniStatistics\94712d625f3bfc5a08cc2b4396591e83\XobniStatistics.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XobniStatistics\dc6e982fd46e3c6074495359a2c655a9\XobniStatistics.ni.dll
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZedGraph\a79cb4efbe31478f7646e54a5142b5a8\ZedGraph.ni.dll
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A-->80541AA1 [ntkrnlpa.exe]
[1948]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1948]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1948]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1948]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1948]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1948]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1948]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


thanks,
Shaollin

Edited by shaollin, 16 August 2010 - 08:47 PM.


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:35 AM

Posted 17 August 2010 - 03:21 PM

Hallo shaollin,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    [26 C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp files -> C:\Documents and Settings\Peter Lavoie\Desktop\*.tmp -> ]
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • ESET report

Thanks

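The fix list syler pasted above was assembled by hand from the earlier OTL scan: entries whose registry data points at a file that is gone, a BHO with no CLSID behind it, and DPF entries with broken keys. The following script is an added example (my own code, not part of this thread and not OTL's logic) that applies those same selection rules to OTL output and renders the result in the `:OTL` / `:Commands` layout used in the post. The flag rules are assumptions modelled on how OTL formats its lines; the sample lines are copied from the logs in this thread, except for the second `O1` HOSTS entry, which is constructed to show the "review" path.

```python
"""
Triage OTL scan-log lines the way a malware-response helper does by hand.
Assumptions (not OTL's own rules): a line that ends with "File not found",
"No CLSID value found." or "(Reg Error: Key error.)" is a dead entry safe
to remove; a HOSTS mapping other than loopback, or a binary that OTL shows
with an empty publisher "()", is flagged for a human to review.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the thread's own OTL logs, plus one
# constructed HOSTS line (www.example.test) to exercise the review path.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example.test
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
"""

ITEM_RE = re.compile(r"^(O\d+) - (.*)$")          # "O2 - BHO: ..." style lines only
LOOPBACK_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Finding:
    item: str     # OTL section tag, e.g. "O2"
    line: str     # original log line, verbatim (this is what a fix script reuses)
    action: str   # "remove" for clearly dead entries, "review" for a human decision
    reason: str


def classify(line: str):
    """Map one OTL log line to a Finding, or None if nothing stands out."""
    line = line.strip()
    m = ITEM_RE.match(line)
    if not m:
        return None
    item, body = m.groups()
    if body.endswith("File not found"):
        return Finding(item, line, "remove", "registry entry points at a file that no longer exists")
    if body.endswith("No CLSID value found."):
        return Finding(item, line, "remove", "BHO registered without a backing CLSID")
    if body.endswith("(Reg Error: Key error.)"):
        return Finding(item, line, "remove", "ActiveX (DPF) entry whose registry key is broken")
    if item == "O1":
        mapping = body.split("Hosts:", 1)[-1].strip()
        if mapping not in LOOPBACK_HOSTS:
            return Finding(item, line, "review", "HOSTS mapping other than loopback; check for a redirected domain")
    if body.endswith(" ()"):
        return Finding(item, line, "review", "binary carries no company name; verify the publisher by hand")
    return None


def triage(log_text: str) -> list:
    """Run classify() over every line of an OTL log and keep the hits, in log order."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f is not None]


def fix_script(findings) -> str:
    """Render only the 'remove' findings in the :OTL / :Commands layout pasted into OTL."""
    body = [f.line for f in findings if f.action == "remove"]
    return "\n".join([":OTL", *body, ":Commands", "[emptytemp]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.action:6}] {f.item}: {f.reason}")
    print()
    print(fix_script(found))
```

The "review" bucket is deliberately kept out of the generated script: an empty publisher field or an unusual HOSTS line is a prompt to look at the file, not evidence on its own, which is why the helper in this thread left the DivX updater alone while removing the orphaned Adobe, Java and PartyPoker entries.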


#13 shaollin

shaollin
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 17 August 2010 - 10:31 PM

Hey Syler,

Things really seem to be running smoother on my machine! Awesome! I have the two OTL reports for you. As for the ESET report, when the program finished running, it indicated that there were 0 threats and 0 threats removed and did not give me the option to export a list of found threats. Here are the OTL reports:

OTL results:

All processes killed
Error: Unable to interpret <CODE> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0098.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0111.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0253.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0297.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0560.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL0916.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1014.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1045.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1058.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1059.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1215.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1426.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1466.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL1500.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL2268.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL2382.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3057.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3109.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3121.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3162.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3169.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3280.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3433.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3914.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3937.tmp deleted successfully.
C:\Documents and Settings\Peter Lavoie\Desktop\~WRL3991.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 1236 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 392439 bytes
->Flash cache emptied: 729 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1180050 bytes
->Java cache emptied: 26475 bytes
->Flash cache emptied: 52479 bytes

User: Peter Lavoie
->Temp folder emptied: 365577627 bytes
->Temporary Internet Files folder emptied: 426913104 bytes
->Java cache emptied: 12258945 bytes
->FireFox cache emptied: 14773586 bytes
->Flash cache emptied: 93879 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: postgres.FRESHPB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150074056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53569626 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 281329618 bytes

Total Files Cleaned = 1,246.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08172010_201151

Files\Folders moved on Reboot...
C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\DVURW9MS\topic336356[1].htm moved successfully.
C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\Content.IE5\5ESEWA1Y\iframe[1].htm moved successfully.
C:\Documents and Settings\Peter Lavoie\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...


New OTL scan:

OTL logfile created on: 08/17/2010 8:31:42 PM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Lavoie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 103.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 13.09 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHPB
Current User Name: Peter Lavoie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/06/27 17:22:03 | 004,505,600 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 12:16:20 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 16:02:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/06/27 17:24:47 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2010/08/10 23:27:54 | 000,039,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/15 13:55:48 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CamdVideo.sys -- (CamdVideo)
DRV - [2010/01/15 13:55:44 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamdAudio.sys -- (CamdAudio)
DRV - [2009/12/14 10:07:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/05/10 11:04:57 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 06:02:36 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 10:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 10:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 10:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/31 06:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 06:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/18 12:52:16 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/business/default.stm
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 08:30:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 08:30:41 | 000,000,000 | ---D | M]

[2010/08/14 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Extensions
[2010/08/14 08:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions
[2009/09/03 13:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/12 16:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/09/09 00:44:33 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Application Data\Mozilla\Firefox\Profiles\uvmtigpb.default\searchplugins\search.xml
[2010/08/14 08:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 20:37:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/10/27 03:45:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606076987-1665562994-3693314357-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 01:38:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/17 20:11:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/16 22:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Lavoie\Application Data\vlc
[2010/08/16 13:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/08/16 13:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Lavoie\Application Data\TuneUpMedia
[2010/08/16 13:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/08/11 11:03:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/11 10:25:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/11 10:25:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/11 10:23:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Lavoie\Desktop\mbam-setup-1.46.exe
[2010/08/10 23:25:45 | 001,197,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Peter Lavoie\Desktop\TDSSKiller.exe
[2010/08/10 09:25:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/07/28 16:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/23 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2010/08/17 20:31:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 20:29:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/17 20:29:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 20:29:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 20:29:02 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 20:27:53 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.dat
[2010/08/17 20:27:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Peter Lavoie\ntuser.ini
[2010/08/17 20:24:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/17 19:55:52 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{67A19C2B-264D-465C-A5FF-88451F48F699}.job
[2010/08/16 23:14:57 | 002,109,070 | -H-- | M] () -- C:\Documents and Settings\Peter Lavoie\Local Settings\Application Data\IconCache.db
[2010/08/16 21:59:30 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/16 21:52:48 | 019,461,015 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\vlc-1.1.2-win32.exe
[2010/08/16 13:40:53 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010/08/16 13:34:46 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/16 13:34:46 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/08/16 13:22:02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\RKUnhookerLE.EXE
[2010/08/14 08:17:01 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 13:42:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 13:41:07 | 000,000,731 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 13:37:36 | 000,519,190 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 13:37:36 | 000,453,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 13:37:36 | 000,076,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 10:25:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 10:23:59 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Lavoie\Desktop\mbam-setup-1.46.exe
[2010/08/10 23:27:54 | 000,039,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2010/08/10 23:25:24 | 001,132,196 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\tdsskiller.zip
[2010/08/10 14:49:18 | 001,197,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Peter Lavoie\Desktop\TDSSKiller.exe
[2010/08/10 10:40:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 09:25:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Lavoie\Desktop\OTL.exe
[2010/08/10 09:24:03 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/06 13:46:21 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Vanity fair alice.doc
[2010/08/03 23:32:56 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\23-29 AOUT.xls
[2010/08/03 23:32:42 | 000,735,744 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\16-22 aout.xls
[2010/08/03 23:32:29 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\9-15 aout.xls
[2010/07/31 21:58:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/31 17:23:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/29 01:21:26 | 000,736,768 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\2-8 aout.xls
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 12:28:53 | 000,259,072 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Doc2.doc
[2010/07/22 12:25:30 | 000,435,712 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 10:20:00 | 000,099,952 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:45 | 000,071,940 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:43 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal_Setting_Worksheet_00014_RES_v1-01.doc

========== Files Created - No Company Name ==========

[2010/08/16 21:59:30 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/16 21:52:06 | 019,461,015 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\vlc-1.1.2-win32.exe
[2010/08/16 13:40:53 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010/08/16 13:34:46 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/08/16 13:22:09 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\RKUnhookerLE.EXE
[2010/08/11 10:25:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 23:25:21 | 001,132,196 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\tdsskiller.zip
[2010/08/10 09:24:22 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\mbr.log
[2010/08/10 09:24:03 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\mbr.exe
[2010/08/06 13:46:24 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\AOUT.xls
[2010/08/05 17:59:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Vanity fair alice.doc
[2010/08/03 23:32:55 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\30aout-5sept.xls
[2010/08/03 23:32:49 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\23-29 AOUT.xls
[2010/08/03 23:32:41 | 000,735,744 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\16-22 aout.xls
[2010/08/03 23:32:26 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\9-15 aout.xls
[2010/07/31 21:59:49 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.exe
[2010/07/31 21:58:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\gmer.zip
[2010/07/31 21:54:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\Desktop\dds.scr
[2010/07/29 01:21:25 | 000,736,768 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\2-8 aout.xls
[2010/07/22 12:28:53 | 000,259,072 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Doc2.doc
[2010/07/22 11:15:17 | 000,435,712 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal Frame volume 1.doc
[2010/07/22 10:20:00 | 000,099,952 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Can KL Sample Total Compensation Statement_0003_RES.pdf
[2010/07/22 10:19:50 | 000,071,940 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Store Manager Compensation Plan_0003_RES.pdf
[2010/07/22 10:04:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Peter Lavoie\My Documents\Goal_Setting_Worksheet_00014_RES_v1-01.doc
[2009/10/26 11:37:04 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/26 11:37:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/26 11:37:04 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/26 11:37:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/05/21 13:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/08 10:03:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/19 16:08:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/08/29 01:20:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/05/08 16:20:07 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/24 17:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/01 23:22:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2005/10/01 23:22:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005/09/21 21:38:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/26 08:18:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/26 08:18:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/26 08:18:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/26 08:18:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/26 08:18:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/26 08:03:45 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/26 08:02:20 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\AmdK8.sys
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/05 08:43:14 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[2003/05/21 02:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6BF312D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
< End of report >

Cheers,
Shaollin
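The O6/O7 policy values and the O32 autorun.inf entry in the OTL log above are easy to misread as raw numbers. As an added example (not OTL's code and not written by either poster), here is a small Python triage helper that parses those lines and decodes what each AutoRun setting actually still permits; the sample lines are copied from the log above, the bit layout of NoDriveTypeAutoRun follows the documented GetDriveType() ordering, and the function names and the "DRIVE_RESERVED" label are my own.

```python
"""Triage helper for the AutoRun-related OTL entries (O6/O7/O32).

Added example for this thread; not part of OTL and not written by either
poster. NoDriveTypeAutoRun uses bit n for drive type n as returned by
GetDriveType(); a set bit disables AutoRun for that drive type.
NoDriveAutoRun and NoDrives are 26-bit per-letter masks (bit 0 = A:).
"""
import re
import string

# Mnemonic names for the NoDriveTypeAutoRun bits (0x80 is the reserved/unknown slot).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",
}

# O6 (HKLM) and O7 (per-user hive) Explorer policy lines, e.g.
#   O7 - HKU\S-1-5-19\SOFTWARE\...\policies\Explorer: NoDriveTypeAutoRun = 145
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\Explorer: (?P<name>\w+) = (?P<value>\d+)$", re.IGNORECASE)

# O32 AutoRun file line: "[date | size | attrs | M] - <path> -- [ NTFS ]"
AUTORUN_FILE_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<stamp>[^\]]*)\] - (?P<path>.+?) -- \[")


def decode_no_drive_type_autorun(value):
    """Drive types whose AutoRun is disabled; bits outside the table are reported as hex."""
    names = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    extra = value & ~sum(DRIVE_TYPE_BITS)
    if extra:
        names.append("UNRECOGNISED_0x%X" % extra)
    return names


def decode_drive_letter_mask(value):
    """NoDriveAutoRun / NoDrives: one bit per drive letter, A: through Z:."""
    return [c + ":" for i, c in enumerate(string.ascii_uppercase) if value & (1 << i)]


def summarise(log_lines):
    """Collect decoded policy entries and any autorun.inf reported at a drive root."""
    policies, autorun_files = [], []
    for raw in log_lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), int(m.group("value"))
            if name.lower() == "nodrivetypeautorun":
                detail = decode_no_drive_type_autorun(value)
            else:
                detail = decode_drive_letter_mask(value)
            policies.append({"hive": m.group("hive"), "name": name,
                             "value": value, "detail": detail})
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m:
            # Attribute column is the third field of the bracketed stamp; "D" marks a
            # directory, which hardening tools create deliberately to pre-empt the name.
            attrs = m.group("stamp").split("|")[2].strip()
            autorun_files.append({"path": m.group("path"), "is_directory": "D" in attrs})
    return {"policies": policies, "autorun_files": autorun_files}


def hives_allowing_removable_autorun(summary):
    """Hives whose NoDriveTypeAutoRun still leaves removable or CD-ROM AutoRun enabled."""
    return [p["hive"] for p in summary["policies"]
            if p["name"].lower() == "nodrivetypeautorun"
            and not {"DRIVE_REMOVABLE", "DRIVE_CDROM"} <= set(p["detail"])]


# Sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 01:38:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
"""

if __name__ == "__main__":
    result = summarise(SAMPLE_LOG.splitlines())
    for entry in result["policies"]:
        print(entry["hive"], entry["name"], entry["value"], entry["detail"])
    print("autorun.inf entries:", result["autorun_files"])
    print("still AutoRun removable/CD-ROM:", hives_allowing_removable_autorun(result))
```

Run against the sample, both 323 and the XP default 145 leave removable and CD-ROM AutoRun enabled, while NoDriveAutoRun = 67108863 covers every drive letter; the zero-byte C:\autorun.inf is a directory, not a script.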

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:35 AM

Posted 18 August 2010 - 07:17 AM

Great, your logs are looking fine to me now, although I don't see a running AntiVirus; it really is essential that you have
one installed.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Install an AntiVirus
I don't see an updated Anti Virus program running on your machine. It is essential that you have
an Anti Virus installed and keep it updated. Without an updated Anti Virus running you are leaving
yourself wide open to infection every time you go on the internet.

These are some suggestions for a good free (non-commercial home use) Anti Virus:

Avast!
Antivir
AVG

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in windows to exploit your computer.
The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound
connections but it does not block outbound connections. So if Malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install Sandboxie
Sandboxie is a great program to help protect you against malware; working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system, unless you allow it to.
So you can be surfing the web inside Sandboxie, then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sandbox and all is gone. Having said that, it cannot be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#15 shaollin

shaollin
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 18 August 2010 - 09:05 AM

Awesome!!

Thanks a lot!
Shaollin



