Port 80 Blocked


  • This topic is locked
32 replies to this topic

#1 txbigden1

txbigden1

  • Members
  • 48 posts
  • OFFLINE
  • Local time:09:20 AM

Posted 21 March 2011 - 02:01 PM

I was surfing when all of a sudden I lost all port 80 activity. I could ping, smtp, IM, with no problems, but none of my browsers would open any websites.

I have Malwarebytes full version, and ran a complete scan with nothing found.

I ran combofix and it would get 'stuck' on sed.cfxxe running 100% for hours. It did finally complete many hours later but didn't fix my problem (I ran this prior to signing up for this forum, so won't run it again).

I've run TDSSKiller but it found nothing.

I did a system restore to 3 days prior and it restored but didn't fix the problem.

I was able to run a netsh command that opened up port 80 and allowed me to get online. (netsh firewall set portopening tcp 80 ENABLE)

After reading this forum I ran the ESET Virus scanner and it cleared out 11 items (though several of them were quarantined items).

Everything seemed to be running much better than even before the day before.

This morning I came in and my port 80 was blocked again. I was again able to run the netsh command and got back online.

I did a Kaspersky boot image and ran the tdsskiller that way and it didn't find anything either.

The GMER kept giving me errors when I tried to save. After I rebooted several times I was able to open GMER and save the following ark.log.

I've attached the dds files.

The computer is acting funny and I'm certain is infected. Any help is appreciated.

Computer is a Dell D610 with XP SP 2 on it. Since I had it I added the hijackthis.log too.

Thanks
Dennis

This morning I'm blocked again and now the netsh command isn't clearing it off. I can't get any browser to work.

Is there anything else to run for logs or any ideas? I'm getting desperate.

EDIT: Posts merged ~BP

Ok, sometimes I just want to kick myself. I still believe I have something on my computer, and especially after looking at the GMER comment, but the port 80 is a self inflicted (slapping myself in the forehead) situation.

I had set a block for my son between 11 - 7 so he'd go to sleep. We'd all been away for a week and when DHCP reissued our numbers, we all got new IP addresses and I got his old one. So it was blocking me at night and in the morning when I get up. *DUH* At least I know the firewall rule works. I guess my timing was just really good 2x on running the netsh command. It's times like this I wonder how I'm not bald from pulling my hair out.

If I need to move this to another forum to look at the logs please let me know.

Thanks
Dennis

EDIT: Posts merged ~BP

Edited by Budapest, 23 March 2011 - 01:52 AM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:20 PM

Posted 26 March 2011 - 06:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 txbigden1

Posted 27 March 2011 - 07:15 AM

I'm still here, and having issues. My port 80 issue is resolved as I stated earlier, but my computer is still running horridly.

My cpu will be at 50% and nothing running in processes, extremely slow response, and hard drive is constantly running. I did remove Panda and install Avast. If I need to rerun any logs please let me know.

I truly appreciate the help.

Dennis

#4 m0le

Posted 27 March 2011 - 07:28 AM

Can you run TDSSKiller first of all.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 txbigden1

Posted 27 March 2011 - 07:41 AM

2011/03/27 07:37:40.0203 3780 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/27 07:37:41.0031 3780 ================================================================================
2011/03/27 07:37:41.0031 3780 SystemInfo:
2011/03/27 07:37:41.0031 3780
2011/03/27 07:37:41.0031 3780 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/27 07:37:41.0031 3780 Product type: Workstation
2011/03/27 07:37:41.0031 3780 ComputerName: IT2RESCUE
2011/03/27 07:37:41.0031 3780 UserName: dennis
2011/03/27 07:37:41.0031 3780 Windows directory: C:\WINDOWS
2011/03/27 07:37:41.0031 3780 System windows directory: C:\WINDOWS
2011/03/27 07:37:41.0031 3780 Processor architecture: Intel x86
2011/03/27 07:37:41.0031 3780 Number of processors: 1
2011/03/27 07:37:41.0031 3780 Page size: 0x1000
2011/03/27 07:37:41.0031 3780 Boot type: Normal boot
2011/03/27 07:37:41.0031 3780 ================================================================================
2011/03/27 07:37:42.0781 3780 Initialize success
2011/03/27 07:37:45.0296 2912 ================================================================================
2011/03/27 07:37:45.0296 2912 Scan started
2011/03/27 07:37:45.0296 2912 Mode: Manual;
2011/03/27 07:37:45.0296 2912 ================================================================================
2011/03/27 07:39:59.0453 2912 ================================================================================
2011/03/27 07:39:59.0453 2912 Scan finished
2011/03/27 07:39:59.0453 2912 ================================================================================

#6 m0le

Posted 27 March 2011 - 01:41 PM

Please now run this scan using OTL, a scanner with removal abilities.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#7 txbigden1

Posted 27 March 2011 - 06:49 PM

Here are the log files. The OTL took about 5 hours to run, I'm not sure if that's normal, but if I understood you correctly this was a bit excessive. I really appreciate your help.

Thanks
Dennis

OTL Extras logfile created on: 3/27/2011 3:08:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\dennis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 106.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.28 Gb Free Space | 29.12% Space Free | Partition Type: NTFS
Drive D: | 5.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: IT2RESCUE | User Name: dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9069:TCP" = 9069:TCP:*:Enabled:Services
"9070:TCP" = 9070:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9069:TCP" = 9069:TCP:*:Enabled:Services
"9070:TCP" = 9070:TCP:*:Enabled:Services
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\IBP 9\IBP.exe" = C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1205605376\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1205605376\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\AOL 9.5a\waol.exe" = C:\Program Files\AOL 9.5a\waol.exe:*:Enabled:AOL
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{1B7AC2F8-D0D7-4551-9C36-961529126944}" = Enterprise
"{1CBA4A45-94C9-46F6-8D73-22B77DD43C7D}" = Arts & Letters EXPRESS 8.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{392D84D0-EAA2-012B-ADD8-000000000000}" = TurboTax 2009 wlaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CD1ADA0-EAA2-012B-AEBD-000000000000}" = TurboTax 2009 wtniper
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF3A357-3C4F-49EE-B16C-D45D7D7F1819}" = EasyTether
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9D3251-0E92-4C91-80AE-05EEAFC6467D}" = Unitronics VisiLogic_C
"{8AFE6E90-060E-4774-861B-2408299A357C}" = HP Officejet J5700 AiO Series Corporate Edition 8.0
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{96165A0E-F058-4303-B701-A91C219E3967}" = TurboTax 2010 wtniper
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA37E4FD-42AC-42F0-A3C1-7A8AAACF9853}" = The Bible Collection Installer
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F20211A6-DCCE-4A4A-87E6-638717417B48}" = TurboTax 2010 wlaiper
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB36174F-6AA4-4532-B011-F86FD597D471}" = TurboTax 2008 wlaiper
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 4.7.1202
"Any Password_is1" = Any Password 1.44
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Deluxe Bible Collection" = Deluxe Bible Collection
"ESET Online Scanner" = ESET Online Scanner v3
"File Smile" = File Smile
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Good Keywords v3_is1" = Good Keywords v3 0.409.101608
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IBP9_is1" = IBP & ARELIS 9.6
"ImgBurn" = ImgBurn
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{DA37E4FD-42AC-42F0-A3C1-7A8AAACF9853}" = The Bible Collection Installer
"KeePass Password Safe_is1" = KeePass Password Safe 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"Smart Converter CL" = Smart Converter CL
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SQLyog Community" = SQLyog Community 7.12
"TightVNC_is1" = TightVNC 1.3.9
"Trillian" = Trillian
"TroopMaster 2010" = TroopMaster 2010
"TroopMaster Millennium" = TroopMaster Millennium
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2011 4:57:48 PM | Computer Name = IT2RESCUE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/16/2011 4:57:48 PM | Computer Name = IT2RESCUE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/16/2011 5:00:29 PM | Computer Name = IT2RESCUE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
Error:Invalid user ID or passwo

Error - 3/16/2011 5:00:29 PM | Computer Name = IT2RESCUE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
String:CON=QBConnectionPool-Probe-QB_IT2RESCUE_20;;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\IT2Rescue.QBW;CommLinks="tcpip(IP=192.9.204.105;TO=5;DOBROADCAST=NONE;port=55338)";ServerName=QB_IT2RESCUE_20;DBN=457b622565d84dfc826a5621480529

Error - 3/16/2011 5:00:29 PM | Computer Name = IT2RESCUE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from
function:'DBMgr::DBConnPool::ini

Error - 3/17/2011 8:15:57 PM | Computer Name = IT2RESCUE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4079, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 3/20/2011 8:51:04 PM | Computer Name = IT2RESCUE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4079, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 3/20/2011 8:52:37 PM | Computer Name = IT2RESCUE | Source = Application Error | ID = 1001
Description = Fault bucket -1955278350.

Error - 3/23/2011 6:36:58 PM | Computer Name = IT2RESCUE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2011 6:37:20 PM | Computer Name = IT2RESCUE | Source = Application Hang | ID = 1001
Description = Fault bucket -1932911545.

[ OSession Events ]
Error - 4/22/2008 6:09:04 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 110
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/5/2008 12:07:16 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9659
seconds with 720 seconds of active time. This session ended with a crash.

Error - 4/22/2010 7:29:31 AM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/22/2010 7:30:07 AM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/11/2010 2:42:15 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13280
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 7/28/2010 12:51:29 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10855
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 12/22/2010 11:55:47 AM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55019
seconds with 300 seconds of active time. This session ended with a crash.

Error - 12/22/2010 6:19:13 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3798
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/22/2010 11:31:56 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18686
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/6/2011 5:28:41 PM | Computer Name = IT2RESCUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 200
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/26/2011 7:16:14 AM | Computer Name = IT2RESCUE | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 3/27/2011 4:11:15 AM | Computer Name = IT2RESCUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 3/27/2011 4:11:37 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
to connect.

Error - 3/27/2011 4:11:37 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053

Error - 3/27/2011 4:12:26 AM | Computer Name = IT2RESCUE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Silverlight (KB2477244).

Error - 3/27/2011 8:02:03 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/27/2011 8:02:03 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/27/2011 8:02:03 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/27/2011 8:02:03 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/27/2011 8:08:31 AM | Computer Name = IT2RESCUE | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >

OTL logfile created on: 3/27/2011 3:08:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\dennis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 106.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.28 Gb Free Space | 29.12% Space Free | Partition Type: NTFS
Drive D: | 5.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: IT2RESCUE | User Name: dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dennis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\dennis\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (QBCFMonitorService) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (easytether) -- C:\WINDOWS\system32\drivers\easytthr.sys (Mobile Stream)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RkPavproc2) -- C:\WINDOWS\system32\drivers\RkPavproc2.sys (Panda Security, S.L.)
DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Zynga Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Zynga Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c38eebda-0a39-4f01-989b-dc3ef3124bc2}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {58ae6290-0a2a-40bc-b8f1-215751609afc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/29 11:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/23 20:58:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:40:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:40:02 | 000,000,000 | ---D | M]

[2011/03/04 13:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions
[2008/12/15 09:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/04 13:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/23 17:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions
[2010/04/27 16:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 17:42:10 | 000,000,000 | ---D | M] (MWDominate Community Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{58ae6290-0a2a-40bc-b8f1-215751609afc}
[2011/03/23 17:42:17 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/29 05:08:07 | 000,000,000 | ---D | M] (MafiaWarsSecrets Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{c38eebda-0a39-4f01-989b-dc3ef3124bc2}
[2011/03/06 09:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/06 09:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2008/10/22 21:52:01 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\searchplugins\aol-search.xml
[2009/11/25 21:08:56 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\searchplugins\conduit.xml
[2011/03/25 13:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 17:40:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/29 11:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/09 18:03:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/12 21:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/01/11 17:11:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 07:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/23 20:58:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/11/29 11:17:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/03 12:57:18 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2011/02/10 18:44:16 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/02/14 09:32:40 | 000,027,448 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atsc3cls.dll
[2009/02/04 11:55:07 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/01/16 20:17:04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/02/14 09:32:35 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/07 16:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 16:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/01/30 10:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/13 12:39:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/03/25 10:38:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\dennis\Start Menu\Programs\Startup\AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe ()
O4 - Startup: C:\Documents and Settings\dennis\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-04f4f9417a7c8afd.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sell-thru.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.9.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/14 21:09:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 15:07:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dennis\Desktop\OTL.exe
[2011/03/25 13:05:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/25 09:05:50 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/03/24 03:01:29 | 000,000,000 | ---D | C] -- C:\c249184be13f2c5d8fb5ec
[2011/03/23 20:59:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/23 20:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/23 20:59:40 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/23 20:59:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/23 20:59:33 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/23 20:59:32 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/23 20:59:29 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/23 20:59:29 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/23 20:59:28 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/23 20:58:28 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/23 20:58:25 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/23 20:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/23 20:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/23 17:38:10 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\dennis\Desktop\Firefox Setup 4.0.exe
[2011/03/21 14:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Desktop\virus
[2011/03/21 11:54:31 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc2.sys
[2011/03/20 15:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/19 16:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dennis\Desktop\TDSSKiller.exe
[2011/03/10 11:49:10 | 000,000,000 | ---D | C] -- C:\adbb181a3baf236615ba411a28cc
[2011/03/10 11:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobile Stream
[2011/03/10 11:43:14 | 000,017,232 | ---- | C] (Mobile Stream) -- C:\WINDOWS\System32\drivers\easytthr.sys
[2011/03/10 11:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2011/03/09 07:23:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/09 07:23:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/09 07:23:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/08 22:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/08 15:45:30 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2011/03/04 13:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Local Settings\Application Data\MozSwing
[2011/03/03 19:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Application Data\Panda Security
[2011/03/03 19:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/03/03 18:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Debug
[2010/02/06 08:12:16 | 006,512,640 | ---- | C] ( ) -- C:\WINDOWS\sspro.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 15:06:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dennis\Desktop\OTL.exe
[2011/03/27 07:35:06 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\tdsskiller.zip
[2011/03/26 07:24:57 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\austincountertops.com
[2011/03/25 20:56:22 | 000,001,858 | -H-- | M] () -- C:\Documents and Settings\dennis\My Documents\Default.rdp
[2011/03/25 10:38:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/25 09:59:50 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\rkill.com
[2011/03/25 09:44:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 09:39:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 09:35:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/03/24 04:51:23 | 000,100,326 | ---- | M] () -- C:\Documents and Settings\dennis\My Documents\Dennis.apw
[2011/03/23 20:59:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/23 20:59:30 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/23 17:40:26 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 17:40:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 17:39:13 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\dennis\Desktop\Firefox Setup 4.0.exe
[2011/03/22 10:40:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\dennis\defogger_reenable
[2011/03/21 08:40:27 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\dennis\port80.bat
[2011/03/20 20:25:11 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/20 20:20:02 | 000,042,806 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\TP010274803.cab
[2011/03/17 05:09:54 | 000,103,570 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\Contig.zip
[2011/03/16 15:59:22 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 15:59:22 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dennis\Desktop\TDSSKiller.exe
[2011/03/10 11:59:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/03/10 11:59:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/03/10 11:59:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/09 13:32:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/04 13:10:38 | 000,210,056 | ---- | M] () -- C:\Documents and Settings\dennis\.ranktracker.properties
[2011/03/04 12:45:50 | 047,631,554 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\seopowersuite-jre.zip
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/27 07:35:18 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\tdsskiller.zip
[2011/03/26 07:24:56 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\austincountertops.com
[2011/03/25 09:59:44 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\rkill.com
[2011/03/25 09:35:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/03/23 20:59:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/23 17:40:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/23 17:40:26 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/22 10:40:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dennis\defogger_reenable
[2011/03/21 06:19:51 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\dennis\port80.bat
[2011/03/20 20:20:19 | 000,042,806 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\TP010274803.cab
[2011/03/17 05:10:26 | 000,103,570 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\Contig.zip
[2011/03/10 11:59:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/03/10 11:59:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/03/04 13:10:33 | 000,210,056 | ---- | C] () -- C:\Documents and Settings\dennis\.ranktracker.properties
[2011/03/04 12:42:38 | 047,631,554 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\seopowersuite-jre.zip
[2010/09/01 19:48:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/01 19:48:28 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/01 19:47:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\$_hpcst$.hpc
[2010/08/31 14:02:24 | 000,037,926 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\Comma Separated Values (DOS).ADR
[2010/05/04 13:52:40 | 000,002,437 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/09 16:06:20 | 000,145,975 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/04/09 16:06:20 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2010/02/16 13:05:35 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/15 22:31:44 | 000,116,176 | ---- | C] () -- C:\WINDOWS\iun1405.exe
[2010/02/15 22:31:44 | 000,000,117 | ---- | C] () -- C:\WINDOWS\BL_EE51.ini
[2010/02/06 08:12:15 | 000,304,128 | ---- | C] () -- C:\WINDOWS\msatools64.dll
[2010/02/06 08:12:14 | 000,296,448 | ---- | C] () -- C:\WINDOWS\perfsysdeam.dll
[2010/02/06 08:11:59 | 000,002,473 | ---- | C] () -- C:\WINDOWS\swn32reg.dll
[2010/01/25 22:39:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/10/28 16:56:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/16 20:49:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/14 16:39:46 | 000,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2009/09/14 15:33:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\housecall.guid.cache
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/25 18:39:19 | 000,000,032 | ---- | C] () -- C:\WINDOWS\qpg.INI
[2009/01/14 15:02:17 | 000,012,987 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\Microsoft Excel 97-2003.CAL
[2008/10/15 12:58:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/04/29 09:14:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\fusioncache.dat
[2008/04/03 06:35:43 | 000,242,176 | ---- | C] () -- C:\WINDOWS\System32\fixflash.exe
[2008/04/03 06:35:42 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/04/03 06:35:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/03/28 15:37:29 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/03/27 12:50:11 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/03/23 16:00:35 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 09:42:21 | 000,001,289 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/01 11:01:04 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/03/01 07:58:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/25 11:29:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/21 18:31:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/21 10:07:27 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/02/14 21:24:51 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/14 21:24:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 21:24:51 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/14 21:24:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/02/14 21:23:11 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/02/14 21:13:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/14 21:06:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/14 14:59:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/14 14:58:17 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/20 05:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 05:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 05:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 05:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 05:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 05:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 05:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 05:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 05:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 05:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 05:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 05:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 05:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 05:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 05:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 05:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 05:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 05:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/20 05:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/03/27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/22 14:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,444,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,248 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

========== LOP Check ==========

[2009/01/25 06:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AAEFSXWJYG
[2009/08/26 14:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AEOJKWNEYG
[2009/04/13 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/05/08 07:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASNJKWNEYG
[2011/03/23 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/03/17 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BEEFSXWJYG
[2009/08/27 10:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BONJKWNEYG
[2008/04/05 10:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BPDFSXWJYG
[2008/05/18 20:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BUDFSXWJYG
[2008/04/07 04:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BZDFSXWJYG
[2010/04/21 10:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/05/22 22:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCOJKWNEYG
[2009/07/24 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CHOJKWNEYG
[2009/07/31 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CNNJKWNEYG
[2010/02/16 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/09 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DCEFSXWJYG
[2009/03/01 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DGOJKWNEYG
[2008/06/05 06:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DNDFSXWJYG
[2009/01/11 16:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DQDFSXWJYG
[2009/05/30 13:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DRNJKWNEYG
[2008/05/07 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DSDFSXWJYG
[2008/05/21 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DXDFSXWJYG
[2009/05/20 17:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EAOJKWNEYG
[2009/04/23 21:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EVNJKWNEYG
[2008/09/13 06:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FAEFSXWJYG
[2008/06/01 07:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FFEFSXWJYG
[2008/06/13 07:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLDFSXWJYG
[2009/04/23 21:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUNJKWNEYG
[2009/07/18 07:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GDOJKWNEYG
[2008/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GEEFSXWJYG
[2008/12/20 08:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPDFSXWJYG
[2009/08/14 00:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTNJKWNEYG
[2008/05/03 07:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GUDFSXWJYG
[2009/06/10 17:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GWNJKWNEYG
[2009/03/26 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HCOJKWNEYG
[2008/02/28 19:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTDFSXWJYG
[2008/08/14 10:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HYDFSXWJYG
[2009/08/05 17:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBOJKWNEYG
[2009/08/17 17:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGOJKWNEYG
[2009/01/02 21:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISDFSXWJYG
[2009/02/18 22:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IWNJKWNEYG
[2008/05/11 05:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JBEFSXWJYG
[2009/04/08 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCOJKWNEYG

========== Purity Check ==========



< End of report >

#8 m0le


Posted 27 March 2011 - 07:11 PM

Please rerun OTL as below

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2009/01/25 06:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AAEFSXWJYG
[2009/08/26 14:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AEOJKWNEYG
[2009/05/08 07:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASNJKWNEYG
[2008/03/17 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BEEFSXWJYG
[2009/08/27 10:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BONJKWNEYG
[2008/04/05 10:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BPDFSXWJYG
[2008/05/18 20:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BUDFSXWJYG
[2008/04/07 04:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BZDFSXWJYG
[2009/05/22 22:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCOJKWNEYG
[2009/07/24 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CHOJKWNEYG
[2009/07/31 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CNNJKWNEYG
[2008/07/09 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DCEFSXWJYG
[2009/03/01 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DGOJKWNEYG
[2008/06/05 06:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DNDFSXWJYG
[2009/01/11 16:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DQDFSXWJYG
[2009/05/30 13:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DRNJKWNEYG
[2008/05/07 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DSDFSXWJYG
[2008/05/21 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DXDFSXWJYG
[2009/05/20 17:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EAOJKWNEYG
[2009/04/23 21:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EVNJKWNEYG
[2008/09/13 06:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FAEFSXWJYG
[2008/06/01 07:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FFEFSXWJYG
[2008/06/13 07:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLDFSXWJYG
[2009/04/23 21:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUNJKWNEYG
[2009/07/18 07:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GDOJKWNEYG
[2008/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GEEFSXWJYG
[2008/12/20 08:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPDFSXWJYG
[2009/08/14 00:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTNJKWNEYG
[2008/05/03 07:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GUDFSXWJYG
[2009/06/10 17:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GWNJKWNEYG
[2009/03/26 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HCOJKWNEYG
[2008/02/28 19:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTDFSXWJYG
[2008/08/14 10:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HYDFSXWJYG
[2009/08/05 17:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBOJKWNEYG
[2009/08/17 17:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGOJKWNEYG
[2009/01/02 21:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISDFSXWJYG
[2009/02/18 22:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IWNJKWNEYG
[2008/05/11 05:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JBEFSXWJYG
[2009/04/08 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCOJKWNEYG
[2008/04/16 17:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JRDFSXWJYG
[2008/02/15 00:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JVPKERHDYG
[2008/06/21 06:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KAEFSXWJYG
[2009/02/04 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEOJKWNEYG
[2009/06/06 00:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KMNJKWNEYG
[2009/05/15 14:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KRNJKWNEYG
[2008/09/07 12:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LEEFSXWJYG
[2008/04/18 06:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LKDFSXWJYG
[2009/09/27 16:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LSDFSXWJYG
[2008/08/14 12:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LUDFSXWJYG
[2008/05/01 02:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LZDFSXWJYG
[2008/09/21 07:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAEFSXWJYG
[2009/03/21 20:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCOJKWNEYG
[2009/07/18 10:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MHOJKWNEYG
[2009/03/20 21:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MNNJKWNEYG
[2008/03/05 11:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCEFSXWJYG
[2008/05/16 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NKDFSXWJYG
[2009/03/21 07:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NMNJKWNEYG
[2009/05/14 06:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OAOJKWNEYG
[2009/02/17 22:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OFOJKWNEYG
[2009/02/16 15:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OQNJKWNEYG
[2008/04/19 11:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAEFSXWJYG
[2009/04/30 22:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBOJKWNEYG
[2008/04/09 22:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PFEFSXWJYG
[2008/10/16 23:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PLDFSXWJYG
[2009/05/21 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMNJKWNEYG
[2008/02/20 16:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPPKERHDYG
[2009/06/20 07:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PUNJKWNEYG
[2008/08/07 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PVDFSXWJYG
[2008/02/20 15:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QAQKERHDYG
[2009/05/28 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QDOJKWNEYG
[2009/03/07 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFOJKWNEYG
[2008/07/02 22:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QKDFSXWJYG
[2009/04/01 21:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QTNJKWNEYG
[2008/04/23 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RDEFSXWJYG
[2009/07/07 20:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RNNJKWNEYG
[2008/06/12 07:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RODFSXWJYG
[2008/03/28 05:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RTDFSXWJYG
[2009/05/08 01:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RXNJKWNEYG
[2008/05/09 13:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RYDFSXWJYG
[2009/02/05 05:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMNJKWNEYG
[2009/06/28 11:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRNJKWNEYG
[2008/09/12 05:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSDFSXWJYG
[2009/02/12 12:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SWNJKWNEYG
[2008/03/01 02:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TBEFSXWJYG
[2008/03/05 13:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TDEFSXWJYG
[2008/10/15 20:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TLJFSXWJYG
[2008/03/22 08:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TMDFSXWJYG
[2008/07/17 05:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TRDFSXWJYG
[2009/04/29 23:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVNJKWNEYG
[2008/02/15 00:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVPKERHDYG
[2008/11/23 12:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TWDFSXWJYG
[2009/04/01 21:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UEOJKWNEYG
[2009/05/06 21:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UPNJKWNEYG
[2009/02/12 22:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UUNJKWNEYG
[2009/01/16 15:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UVDFSXWJYG
[2009/03/07 20:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VRNJKWNEYG
[2008/02/16 05:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VTPKERHDYG
[2009/07/18 16:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNNJKWNEYG
[2009/02/06 07:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSNJKWNEYG
[2008/09/12 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WTDFSXWJYG
[2009/03/27 06:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WWNJKWNEYG
[2009/02/19 00:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XBOJKWNEYG
[2008/08/06 14:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XCEFSXWJYG
[2008/04/17 21:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XNDFSXWJYG
[2008/06/04 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XXDFSXWJYG
[2009/04/10 07:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAOJKWNEYG
[2009/04/20 23:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YQNJKWNEYG
[2009/07/08 17:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YVNJKWNEYG
[2008/05/16 23:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZAEFSXWJYG
[2008/04/05 10:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZLDFSXWJYG
[2008/06/11 21:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZQDFSXWJYG
[2008/11/27 08:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZUDFSXWJYG
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Can I also have a new OTL scan log - do the same as you did the first time to get the original log.
m0le is a proud member of UNITE

#9 txbigden1


Posted 27 March 2011 - 09:20 PM

An extra Notepad never opened up. I don't see one saved either. Only the OTL.txt opened up.

Dennis

========== OTL ==========
C:\Documents and Settings\All Users\Application Data\YQNJKWNEYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\YVNJKWNEYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZAEFSXWJYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZLDFSXWJYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZQDFSXWJYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZUDFSXWJYG folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 03272011_193334

OTL logfile created on: 3/27/2011 7:36:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\dennis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 218.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.28 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
Drive D: | 5.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: IT2RESCUE | User Name: dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dennis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\dennis\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (QBCFMonitorService) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (easytether) -- C:\WINDOWS\system32\drivers\easytthr.sys (Mobile Stream)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RkPavproc2) -- C:\WINDOWS\system32\drivers\RkPavproc2.sys (Panda Security, S.L.)
DRV - (RkPavproc1) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys (Panda Security, S.L.)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Zynga Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Zynga Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c38eebda-0a39-4f01-989b-dc3ef3124bc2}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {58ae6290-0a2a-40bc-b8f1-215751609afc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/29 11:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/23 20:58:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:40:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:40:02 | 000,000,000 | ---D | M]

[2011/03/04 13:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions
[2008/12/15 09:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/04 13:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/23 17:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions
[2010/04/27 16:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 17:42:10 | 000,000,000 | ---D | M] (MWDominate Community Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{58ae6290-0a2a-40bc-b8f1-215751609afc}
[2011/03/23 17:42:17 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/29 05:08:07 | 000,000,000 | ---D | M] (MafiaWarsSecrets Toolbar) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{c38eebda-0a39-4f01-989b-dc3ef3124bc2}
[2011/03/06 09:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/06 09:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2008/10/22 21:52:01 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\searchplugins\aol-search.xml
[2009/11/25 21:08:56 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\searchplugins\conduit.xml
[2011/03/25 13:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/23 17:40:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/29 11:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/09 18:03:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/12 21:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/01/11 17:11:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/09 07:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/23 20:58:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/11/29 11:17:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/03 12:57:18 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2011/02/10 18:44:16 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/02/14 09:32:40 | 000,027,448 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atsc3cls.dll
[2009/02/04 11:55:07 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/01/16 20:17:04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/02/14 09:32:35 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/07 16:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 16:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/01/30 10:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/13 12:39:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/08 13:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/03/25 10:38:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205605376\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\dennis\Start Menu\Programs\Startup\AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe ()
O4 - Startup: C:\Documents and Settings\dennis\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-04f4f9417a7c8afd.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sell-thru.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.9.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/14 21:09:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 19:33:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/27 15:07:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dennis\Desktop\OTL.exe
[2011/03/25 13:05:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/25 09:05:50 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/03/24 03:01:29 | 000,000,000 | ---D | C] -- C:\c249184be13f2c5d8fb5ec
[2011/03/23 20:59:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/23 20:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/23 20:59:40 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/23 20:59:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/23 20:59:33 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/23 20:59:32 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/23 20:59:29 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/23 20:59:29 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/23 20:59:28 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/23 20:58:28 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/23 20:58:25 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/23 20:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/23 20:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/23 17:38:10 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\dennis\Desktop\Firefox Setup 4.0.exe
[2011/03/21 14:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Desktop\virus
[2011/03/21 11:54:31 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc2.sys
[2011/03/20 15:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/19 16:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dennis\Desktop\TDSSKiller.exe
[2011/03/10 11:49:10 | 000,000,000 | ---D | C] -- C:\adbb181a3baf236615ba411a28cc
[2011/03/10 11:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobile Stream
[2011/03/10 11:43:14 | 000,017,232 | ---- | C] (Mobile Stream) -- C:\WINDOWS\System32\drivers\easytthr.sys
[2011/03/10 11:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2011/03/09 07:23:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/09 07:23:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/09 07:23:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/08 22:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/08 15:45:30 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2011/03/04 13:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Local Settings\Application Data\MozSwing
[2011/03/03 19:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dennis\Application Data\Panda Security
[2011/03/03 19:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/03/03 18:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Debug
[2010/02/06 08:12:16 | 006,512,640 | ---- | C] ( ) -- C:\WINDOWS\sspro.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 15:06:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dennis\Desktop\OTL.exe
[2011/03/27 07:35:06 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\tdsskiller.zip
[2011/03/26 07:24:57 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\austincountertops.com
[2011/03/25 20:56:22 | 000,001,858 | -H-- | M] () -- C:\Documents and Settings\dennis\My Documents\Default.rdp
[2011/03/25 10:38:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/25 09:59:50 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\rkill.com
[2011/03/25 09:44:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/25 09:39:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 09:35:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/03/24 04:51:23 | 000,100,326 | ---- | M] () -- C:\Documents and Settings\dennis\My Documents\Dennis.apw
[2011/03/23 20:59:42 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/23 20:59:30 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/23 17:40:26 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 17:40:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 17:39:13 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\dennis\Desktop\Firefox Setup 4.0.exe
[2011/03/22 10:40:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\dennis\defogger_reenable
[2011/03/21 08:40:27 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\dennis\port80.bat
[2011/03/20 20:25:11 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/20 20:20:02 | 000,042,806 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\TP010274803.cab
[2011/03/17 05:09:54 | 000,103,570 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\Contig.zip
[2011/03/16 15:59:22 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 15:59:22 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dennis\Desktop\TDSSKiller.exe
[2011/03/10 11:59:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/03/10 11:59:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/03/10 11:59:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/09 13:32:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/04 13:10:38 | 000,210,056 | ---- | M] () -- C:\Documents and Settings\dennis\.ranktracker.properties
[2011/03/04 12:45:50 | 047,631,554 | ---- | M] () -- C:\Documents and Settings\dennis\Desktop\seopowersuite-jre.zip
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/27 07:35:18 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\tdsskiller.zip
[2011/03/26 07:24:56 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\austincountertops.com
[2011/03/25 09:59:44 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\rkill.com
[2011/03/25 09:35:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/03/23 20:59:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/23 17:40:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/23 17:40:26 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/22 10:40:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dennis\defogger_reenable
[2011/03/21 06:19:51 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\dennis\port80.bat
[2011/03/20 20:20:19 | 000,042,806 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\TP010274803.cab
[2011/03/17 05:10:26 | 000,103,570 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\Contig.zip
[2011/03/10 11:59:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/03/10 11:59:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/03/04 13:10:33 | 000,210,056 | ---- | C] () -- C:\Documents and Settings\dennis\.ranktracker.properties
[2011/03/04 12:42:38 | 047,631,554 | ---- | C] () -- C:\Documents and Settings\dennis\Desktop\seopowersuite-jre.zip
[2010/09/01 19:48:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/01 19:48:28 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/01 19:47:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\$_hpcst$.hpc
[2010/08/31 14:02:24 | 000,037,926 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\Comma Separated Values (DOS).ADR
[2010/05/04 13:52:40 | 000,002,437 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/09 16:06:20 | 000,145,975 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/04/09 16:06:20 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2010/02/16 13:05:35 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/15 22:31:44 | 000,116,176 | ---- | C] () -- C:\WINDOWS\iun1405.exe
[2010/02/15 22:31:44 | 000,000,117 | ---- | C] () -- C:\WINDOWS\BL_EE51.ini
[2010/02/06 08:12:15 | 000,304,128 | ---- | C] () -- C:\WINDOWS\msatools64.dll
[2010/02/06 08:12:14 | 000,296,448 | ---- | C] () -- C:\WINDOWS\perfsysdeam.dll
[2010/02/06 08:11:59 | 000,002,473 | ---- | C] () -- C:\WINDOWS\swn32reg.dll
[2010/01/25 22:39:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/10/28 16:56:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/16 20:49:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/14 16:39:46 | 000,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2009/09/14 15:33:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\housecall.guid.cache
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/25 18:39:19 | 000,000,032 | ---- | C] () -- C:\WINDOWS\qpg.INI
[2009/01/14 15:02:17 | 000,012,987 | ---- | C] () -- C:\Documents and Settings\dennis\Application Data\Microsoft Excel 97-2003.CAL
[2008/10/15 12:58:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/04/29 09:14:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\fusioncache.dat
[2008/04/03 06:35:43 | 000,242,176 | ---- | C] () -- C:\WINDOWS\System32\fixflash.exe
[2008/04/03 06:35:42 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/04/03 06:35:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/03/28 15:37:29 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/03/27 12:50:11 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/03/23 16:00:35 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 09:42:21 | 000,001,289 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/01 11:01:04 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/03/01 07:58:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/25 11:29:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/21 18:31:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/21 10:07:27 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/02/14 21:24:51 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/14 21:24:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 21:24:51 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/14 21:24:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/02/14 21:23:11 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/02/14 21:13:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/14 21:06:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/14 14:59:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/14 14:58:17 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/20 05:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 05:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 05:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 05:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 05:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 05:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 05:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 05:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 05:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 05:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 05:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 05:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 05:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 05:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 05:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 05:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 05:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 05:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/20 05:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/03/27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/22 14:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,444,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,248 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

========== LOP Check ==========

[2009/04/13 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/03/23 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/04/21 10:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/02/16 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/06/13 09:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/02/18 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/03/03 19:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/09/04 18:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/06/27 07:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2010/02/16 13:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/03/15 13:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/26 19:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/15 12:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/08 06:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/03/15 13:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\acccore
[2008/05/06 13:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Domain Name Analyzer v4.1
[2008/04/19 09:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Good Keywords v2
[2010/09/13 21:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\HotSync
[2010/07/17 19:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\IBP
[2008/04/24 09:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\IM ToolPad 2008
[2009/12/29 13:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\ImgBurn
[2008/05/06 13:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\IMTP Tool Kit
[2008/05/06 13:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\IMTP Website Explorer
[2008/04/24 12:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\IMTP Website Monitor
[2008/04/24 12:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Keyword Strategy Studio Se
[2009/09/16 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Leadertech
[2008/10/29 06:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\MySQL
[2011/03/03 19:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Panda Security
[2010/09/04 18:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Samsung
[2009/11/05 16:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Sierra Wireless
[2008/03/01 01:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Softnik Technologies
[2009/08/11 06:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\SpamBayes
[2009/01/11 06:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\SQLyog
[2011/03/25 13:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\SSH
[2010/01/13 11:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\SyncMyCal
[2009/09/03 09:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\Trillian
[2010/03/09 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dennis\Application Data\TweakNow RegCleaner

========== Purity Check ==========



< End of report >

#10 m0le

Posted 28 March 2011 - 03:54 PM

Okay, now next please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#11 txbigden1

Posted 28 March 2011 - 11:09 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6199

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/28/2011 11:04:23 PM
mbam-log-2011-03-28 (23-04-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 305138
Time elapsed: 5 hour(s), 23 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 m0le

Posted 29 March 2011 - 05:34 PM

That's good. Please run ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.

#13 txbigden1

Posted 30 March 2011 - 06:03 AM

I was in a bit of a panic as I missed the part saying that if no log was generated it means nothing was found. But no log was generated.

It did take 7 1/2 hours though to complete.

I have to ask you: are my Malwarebytes Pro and my Avast fighting each other? Is that part of my slowdown?

Thanks for everything,
Dennis

#14 m0le

Posted 30 March 2011 - 05:24 PM

That shouldn't be happening. MBAM state no problems and Avast's answer is here.

Let's try Combofix to make sure. If this is clear then it isn't malware. Should be an interesting log...

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#15 txbigden1

Posted 31 March 2011 - 06:41 AM

I don't know what time this ended last night, but it had run for almost 5 hours when I let it run. The last time I ran it the sed.cfxxe process ran at 100% for hours on end.

I did turn off Malwarebytes and Avast. I also went through and put the exclusion list in both of them, so hopefully that will help too.

Dennis


ComboFix 11-03-30.01 - dennis 03/30/2011 19:22:48.51.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.200 [GMT -5:00]
Running from: c:\documents and settings\dennis\Desktop\ComFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-30 15:17 . 2011-03-30 15:27 -------- d-----w- C:\office2007
2011-03-28 22:41 . 2011-03-29 04:35 -------- d-----w- c:\program files\AOL 9.5
2011-03-28 00:33 . 2011-03-28 00:33 -------- d-----w- C:\_OTL
2011-03-25 14:35 . 2011-03-25 14:35 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-25 14:05 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-24 08:01 . 2011-03-24 08:01 -------- d-----w- C:\c249184be13f2c5d8fb5ec
2011-03-24 01:59 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-24 01:59 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-24 01:59 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-24 01:59 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-24 01:59 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-24 01:59 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-24 01:59 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-24 01:59 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-24 01:58 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-24 01:58 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-24 01:56 . 2011-03-24 01:56 -------- d-----w- c:\program files\AVAST Software
2011-03-24 01:56 . 2011-03-24 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-23 22:40 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 22:40 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 22:40 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 22:40 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 22:40 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 22:40 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 22:40 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 22:40 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-21 16:54 . 2009-10-07 21:28 17544 ----a-w- c:\windows\system32\drivers\RkPavproc2.sys
2011-03-21 11:19 . 2011-03-21 13:40 50 ----a-w- c:\documents and settings\dennis\port80.bat
2011-03-20 20:25 . 2011-03-20 20:25 -------- d-----w- c:\program files\ESET
2011-03-19 10:44 . 2011-03-19 10:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-10 16:49 . 2011-03-25 18:07 -------- d-----w- C:\adbb181a3baf236615ba411a28cc
2011-03-10 16:43 . 2010-08-29 23:18 17232 ----a-w- c:\windows\system32\drivers\easytthr.sys
2011-03-10 16:43 . 2011-03-10 16:43 -------- d-----w- c:\program files\Mobile Stream
2011-03-09 03:12 . 2011-03-09 03:12 -------- d-----w- c:\windows\system32\GroupPolicy
2011-03-08 20:45 . 2009-10-07 21:28 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-03-04 18:03 . 2011-03-04 18:03 -------- d-----w- c:\documents and settings\dennis\Local Settings\Application Data\MozSwing
2011-03-04 00:44 . 2011-03-04 00:44 -------- d-----w- c:\documents and settings\dennis\Application Data\Panda Security
2011-03-04 00:38 . 2011-03-04 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-03-04 00:36 . 2010-10-07 14:50 428352 ----a-w- c:\program files\Mozilla Firefox\StubInstaller.exe
2011-03-03 23:21 . 2011-03-03 23:21 -------- d-----w- c:\windows\system32\Debug
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40 . 2011-01-11 22:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2008-02-16 10:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-02-15 02:04 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-31 16:46 . 2011-01-31 16:46 206200 ----a-w- c:\windows\Contig.exe
2011-01-27 11:57 . 2008-02-15 02:04 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 22:38 . 2011-02-24 11:31 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-09-03 17:57 . 2009-01-22 13:18 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-02-10 23:44 . 2009-02-04 16:55 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-14 14:32 . 2009-02-04 16:55 27448 ----a-w- c:\program files\mozilla firefox\plugins\atsc3cls.dll
2009-02-04 16:55 . 2009-02-04 16:55 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-03-18 17:53 . 2011-03-23 22:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2010-12-19 48456]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HostManager"="c:\program files\Common Files\AOL\1205605376\ee\AOLSoftware.exe" [2010-03-08 41800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\dennis\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2011-1-18 73728]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-2-15 2068832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-9 1154848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1205605376\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1205605376\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9069:TCP"= 9069:TCP:Services
"9070:TCP"= 9070:TCP:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 quupbej;quupbej;c:\windows\System32\drivers\wybch.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 30312]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-02 174336]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2009-10-07 17544]
R3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [2009-10-07 17544]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\Drivers\RCFOX.sys [2004-04-05 81200]
S2 aswFsBlk;aswFsBlk; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\dennis\Application Data\Mozilla\Firefox\Profiles\kbom0jq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Zynga Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SQLyog Community - c:\program files\SQLyog Community\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-30 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MBAMSwissArmy]
"ImagePath"="\??\c:\windows\system32\drivers\mbamswissarmy.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-31 04:40:14
ComboFix-quarantined-files.txt 2011-03-31 09:39
ComboFix2.txt 2011-03-25 18:01
.
Pre-Run: 16,925,945,856 bytes free
Post-Run: 16,926,875,648 bytes free
.
- - End Of File - - 5BD8360B6CDE3594BEAAF0407C5C259C



