DAL Computer Help - Spyware, Adware, Viruses and Malware Removal

[Active] Is it clean?

jamesjcostello — Thu, 02 Sep 2010 11:55:47 GMT

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4525

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/1/2010 8:55:30 PM
mbam-log-2010-09-01 (20-55-30).txt

Scan type: Quick scan
Objects scanned: 132833
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-01 23:00:48
Windows 5.1.2600 Service Pack 3
Running: nmy7qgpi.exe; Driver: C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

? dsapd.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0060000c

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8B32000 \WINDOWS\system32\KDCOM.DLL
0xF8A42000 \WINDOWS\system32\BOOTVID.dll
0xF8632000 dsapd.sys
0xF8503000 ACPI.sys
0xF8B34000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84F2000 pci.sys
0xF8642000 isapnp.sys
0xF8A46000 compbatt.sys
0xF8A4A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8BFA000 pciide.sys
0xF88B2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84D4000 pcmcia.sys
0xF8652000 MountMgr.sys
0xF84B5000 ftdisk.sys
0xF88BA000 PartMgr.sys
0xF8662000 VolSnap.sys
0xF849D000 atapi.sys
0xF8672000 disk.sys
0xF8682000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF847D000 fltmgr.sys
0xF846B000 sr.sys
0xF8455000 drvmcdb.sys
0xF8692000 PxHelp20.sys
0xF843E000 KSecDD.sys
0xF83B1000 Ntfs.sys
0xF8384000 NDIS.sys
0xF86A2000 ohci1394.sys
0xF86B2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF836A000 Mup.sys
0xF86D2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF88A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8AFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF744E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF743A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8942000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7416000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF894A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF86E2000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7402000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF73A7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7364000 \SystemRoot\system32\drivers\STAC97.sys
0xF7340000 \SystemRoot\system32\drivers\portcls.sys
0xF86F2000 \SystemRoot\system32\drivers\drmk.sys
0xF731D000 \SystemRoot\system32\drivers\ks.sys
0xF72EC000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF71ED000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7145000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8952000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8702000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF712B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF895A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8962000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7615000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8B56000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7605000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75F5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF896A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF75E5000 \SystemRoot\system32\drivers\ateksoftaudio.sys
0xF8CC3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B06000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7114000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8972000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7103000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75A5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF897A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8982000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7595000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B5A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF707D000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B16000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF898A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7585000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8722000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8B5E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8319000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B64000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D66000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B66000 \SystemRoot\System32\Drivers\Beep.SYS
0xF899A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF89AA000 \SystemRoot\System32\drivers\vga.sys
0xF8B68000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8311000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6D2000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAA6AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8732000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF8742000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF8ADA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8752000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8ADE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA65C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA63A000 \SystemRoot\System32\drivers\afd.sys
0xF8762000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA56F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA4FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8782000 \SystemRoot\System32\Drivers\Fips.SYS
0xF89C2000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAA4CB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF8AEE000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF87A2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA4B3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA7BC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF89D2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D00000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8872000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C69000 \SystemRoot\system32\dla\tfsndres.sys
0xAA35D000 \SystemRoot\system32\dla\tfsnifs.sys
0xF8AB2000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8B82000 \SystemRoot\system32\dla\tfsnpool.sys
0xF89F2000 \SystemRoot\system32\dla\tfsnboio.sys
0xF8882000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C6A000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA344000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA32B000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA39B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA397000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9FF6000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA60A000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9EB3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA053000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9DE4000 \SystemRoot\system32\DRIVERS\srv.sys
0xA955B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9314000 \??\C:\DOCUME~1\JAMESC~1\LOCALS~1\Temp\uxtdapow.sy s
0xA8F73000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
812 csrss.exe
836 C:\WINDOWS\system32\winlogon.exe
880 C:\WINDOWS\system32\services.exe
892 C:\WINDOWS\system32\lsass.exe
1064 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1452 C:\Program Files\AVG\AVG9\avgchsvx.exe
1460 C:\Program Files\AVG\AVG9\avgrsx.exe
1624 svchost.exe
1668 C:\Program Files\AVG\AVG9\avgcsrvx.exe
208 C:\WINDOWS\system32\WLTRYSVC.EXE
216 C:\WINDOWS\system32\BCMWLTRY.EXE
324 C:\WINDOWS\system32\spoolsv.exe
184 svchost.exe
372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
416 C:\Program Files\AVG\AVG9\avgwdsvc.exe
448 C:\Program Files\Bonjour\mDNSResponder.exe
556 C:\WINDOWS\system32\cisvc.exe
780 C:\Program Files\Java\jre6\bin\jqs.exe
1428 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1832 C:\WINDOWS\system32\svchost.exe
2020 C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
392 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1616 C:\WINDOWS\explorer.exe
1956 C:\Program Files\AVG\AVG9\avgemc.exe
2068 C:\Program Files\AVG\AVG9\avgnsx.exe
2260 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2368 wmiprvse.exe
2644 C:\Program Files\Apoint\Apoint.exe
2672 C:\WINDOWS\system32\WLTRAY.EXE
2720 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2740 C:\WINDOWS\system32\dla\tfswctrl.exe
2780 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2852 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2872 C:\WINDOWS\system32\igfxpers.exe
2892 C:\Program Files\Dell\QuickSet\quickset.exe
3016 C:\Program Files\Apoint\ApntEx.exe
3140 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3528 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
3856 alg.exe
3504 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files\Mozilla Firefox\firefox.exe
2912 C:\Program Files\Mozilla Firefox\plugin-container.exe
1836 C:\Documents and Settings\James Costelllo\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

OTL Extras logfile created on: 9/1/2010 11:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\James Costelllo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 268.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.94 Gb Total Space | 16.48 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive D: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 26.55 Gb Total Space | 2.06 Gb Free Space | 7.77% Space Free | Partition Type: NTFS
Drive W: | 74.53 Gb Total Space | 26.85 Gb Free Space | 36.03% Space Free | Partition Type: NTFS

Computer Name: LAPTOP
Current User Name: James Costelllo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo ! FT Server -- File not found
"C:\WINDOWS\Downloaded Program Files\ptermX.exe" = C:\WINDOWS\Downloaded Program Files\ptermX.exe:*:Enabled:PowerTerm� WebConnect ActiveX -- ()
"C:\Program Files\BCDC++\DCPlusPlus.exe" = C:\Program Files\BCDC++\DCPlusPlus.exe:*:Enabled:BCDC++ -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger -- (Yahoo! Inc.)
"\\PC\Ateksoft\WebCamera Plus\camviewer.exe" = \\PC\Ateksoft\WebCamera Plus\camviewer.exe:*:Enabled:camviewer.exe
"C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe" = C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe:*:Enabled:WebCamera Plus Service -- (Ateksoft Company Ltd.)
"C:\Program Files\Ateksoft\WebCamera Plus\camviewer.exe" = C:\Program Files\Ateksoft\WebCamera Plus\camviewer.exe:*:Enabled:WebCamera Plus -- (Ateksoft Company Ltd.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"\\Pc\my music\iTunes.exe" = \\Pc\my music\iTunes.exe:*:Enabled:iTunes.exe
"\\Pc\E\My Music\iTunes.exe" = \\Pc\E\My Music\iTunes.exe:*:Enabled:iTunes.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Picasa3\Picasa3.exe" = C:\Program Files\Picasa3\Picasa3.exe:*:Enabled:Picasa -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}" = DIYPhotoBits.com Camera Control 4.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype� 4.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_54221 4F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCamera Plus_is1" = WebCamera Plus 2.0
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZipCentral_is1" = ZipCentral 4.01
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2010 1:12:20 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8094

Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10125

Error - 8/31/2010 1:12:22 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10125

Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12344

Error - 8/31/2010 1:12:25 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12344

Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14469

Error - 8/31/2010 1:12:27 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14469

[ System Events ]
Error - 9/1/2010 8:13:08 AM | Computer Name = LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.4 on
the Network Card with network address 0014A433A1E7.

Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/1/2010 8:26:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 9/1/2010 8:26:05 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/1/2010 8:26:05 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/1/2010 8:26:07 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 9/1/2010 8:30:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 9/1/2010 9:02:22 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde Lbd

Error - 9/1/2010 10:18:54 PM | Computer Name = LAPTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4984256F-3256-4D4A-AE7B-AB5A89B0E00C}. The
backup browser is stopping.

< End of report >

OTL logfile created on: 9/1/2010 11:04:58 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\James Costelllo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 268.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 756 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.94 Gb Total Space | 16.48 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive D: | 164.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 26.55 Gb Total Space | 2.06 Gb Free Space | 7.77% Space Free | Partition Type: NTFS
Drive W: | 74.53 Gb Total Space | 26.85 Gb Free Space | 36.03% Space Free | Partition Type: NTFS

Computer Name: LAPTOP
Current User Name: James Costelllo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/01 23:02:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Costelllo\My Documents\Downloads\OTL.exe
PRC - [2010/07/23 08:02:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 08:54:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 08:54:36 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 08:54:34 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 08:54:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:52:13 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 08:52:07 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/25 12:06:10 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/06/10 12:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/04 13:26:08 | 000,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/09/13 18:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 16:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

========== Modules (SafeList) ==========

MOD - [2010/09/01 23:02:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Costelllo\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/12/23 17:47:36 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/23 08:02:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 08:54:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/25 12:06:10 | 000,046,592 | ---- | M] (Ateksoft Company Ltd.) [Auto | Running] -- C:\Program Files\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe -- (Webcamera Plus Service)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/16 08:54:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 08:52:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/05 11:26:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/25 12:06:16 | 000,011,776 | ---- | M] (Ateksoft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ateksoftaudio.sys -- (AteksoftAudio)
DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 23:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/16 18:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/18 16:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 22:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/03/12 21:50:50 | 000,899,884 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C-itNT.sys -- (XIRLINK)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "file:///C:/Home%20Page.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/23 08:04:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 08:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 16:49:18 | 000,000,000 | ---D | M]

[2009/01/06 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Extensions
[2010/09/01 09:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\ext ensions
[2010/05/21 18:25:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/13 18:51:06 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\sea rchplugins\ask.xml
[2008/08/13 18:51:06 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Mozilla\Firefox\Profiles\b1o59xcw.default\sea rchplugins\jeeves.xml
[2010/09/01 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 18:08:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/01 10:41:47 | 001,196,032 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2006/02/02 13:16:38 | 000,628,256 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
[2006/06/01 10:41:47 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/06/01 10:41:47 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInsta nce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: Pc ([]file in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C1ECC9B2-75B2-4490-8040-B8A107F45DC2} http://mail.waynecountycourthouse.co...veX/ptermX.CAB (PtConnector422 Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} http://auditor.cuyahogacounty.us/repi/sketch/Sketch.ocx (SketchCtl.Pic1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2006/05/09 09:47:55 | 000,000,020 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 20:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/15 05:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e3ff5919-f98c-11de-9212-001422dfc4e3}\Shell\AutoRun\command - "" = F:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.D263 - xl_x263dec.dll File not found
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - xl_yv12.dll File not found
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/01 20:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Costelllo\Application Data\Malwarebytes
[2010/09/01 20:41:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 20:40:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 21:09:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James Costelllo\Recent
[2010/08/03 18:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\Yahoo!
[2010/08/03 18:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/08/02 08:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/30 22:02:25 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/07/30 22:00:36 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/07/16 08:54:35 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/21 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 19:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 90 Days ==========

[2010/09/01 23:01:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
[2010/09/01 21:02:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/01 21:00:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 21:00:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 20:59:48 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\James Costelllo\NTUSER.DAT
[2010/09/01 20:59:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\James Costelllo\ntuser.ini
[2010/09/01 20:41:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/01 18:02:07 | 064,183,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/12 09:10:44 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 08:53:21 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 08:46:37 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 08:46:37 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 08:46:37 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/03 18:28:13 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/03 18:17:51 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 08:15:09 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 22:17:30 | 000,005,882 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\Router_Setup.html
[2010/07/29 18:10:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\CCleaner.lnk
[2010/07/25 16:49:40 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 16:49:40 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/20 23:10:46 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\router error.doc
[2010/07/17 23:17:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/16 08:54:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 08:54:35 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 08:52:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/10 08:44:18 | 006,945,530 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\readymade_final_flat.tif
[2010/07/04 07:19:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/15 21:31:15 | 000,047,983 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\image003-300x106.png
[2010/06/09 20:11:23 | 000,300,032 | ---- | M] () -- C:\Documents and Settings\James Costelllo\Desktop\Hts Dems List.doc
[2010/06/05 11:26:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2010/09/01 20:41:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 18:28:13 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/02 08:15:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 22:17:30 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Router Login.url
[2010/07/30 22:17:27 | 000,005,882 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Router_Setup.html
[2010/07/20 17:49:34 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\router error.doc
[2010/07/10 08:44:07 | 006,945,530 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\readymade_final_flat.tif
[2010/06/15 21:31:03 | 000,047,983 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\image003-300x106.png
[2010/06/09 20:11:22 | 000,300,032 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Desktop\Hts Dems List.doc
[2009/11/24 21:51:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\prvlcl.dat
[2009/07/25 12:35:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/07/10 17:42:32 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Comma Separated Values (Windows).ADR
[2009/03/16 19:09:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\$_hpcst$.hpc
[2006/07/25 08:10:18 | 000,038,487 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Comma Separated Values (DOS).ADR
[2006/05/09 09:47:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.dll
[2006/03/22 15:28:06 | 000,022,074 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Tab Separated Values (DOS).ADR
[2006/03/22 15:18:35 | 000,021,892 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Microsoft Excel.ADR
[2006/03/16 10:04:08 | 000,022,766 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\Tab Separated Values (Windows).ADR
[2006/02/21 09:11:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 00:44:09 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/09 15:37:36 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/20 15:06:56 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\AAC4A46772.sys
[2005/12/05 10:01:25 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/01 10:13:08 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Local Settings\Application Data\fusioncache.dat
[2005/11/28 14:51:38 | 000,000,325 | ---- | C] () -- C:\WINDOWS\LawWin.INI
[2005/11/25 15:59:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/21 13:49:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\PFP120JPR.{PB
[2005/11/21 13:49:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\James Costelllo\Application Data\PFP120JCM.{PB
[2005/11/14 20:24:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/14 20:16:10 | 000,000,558 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/14 20:06:09 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/11/14 19:42:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/14 19:41:48 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/22 14:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/26 18:15:59 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/31 19:21:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\hllapi32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/18 08:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/16 14:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rkfree
[2005/11/14 20:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/18 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 21:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 23:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/23 12:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Ericom
[2009/09/27 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Free Labs
[2005/12/21 12:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Leadertech
[2006/02/24 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Learn2.com
[2005/12/07 10:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Qualcomm
[2009/02/22 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Costelllo\Application Data\Snapfish
[2010/07/04 07:19:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/01/03 11:07:25 | 000,007,164 | ---- | M] () -- C:\aaw7boot.log
[2009/06/19 18:35:48 | 000,032,370 | ---- | M] () -- C:\ASLog.txt
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
[2006/05/09 09:47:55 | 000,000,020 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/12/09 15:58:47 | 000,001,953 | ---- | M] () -- C:\Bills.html
[2009/12/30 09:04:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/04 16:48:31 | 000,002,019 | ---- | M] () -- C:\Career.html
[2005/11/23 15:46:42 | 000,002,135 | ---- | M] () -- C:\Case.html
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/14 19:46:00 | 000,005,105 | RH-- | M] () -- C:\dell.sdr
[2009/08/11 06:51:11 | 000,005,034 | ---- | M] () -- C:\Home Page.html
[2005/11/25 16:20:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2006/05/09 11:19:26 | 000,000,162 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/11/14 20:13:22 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/11/23 15:46:43 | 000,001,537 | ---- | M] () -- C:\News.html
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/20 00:22:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/01 21:00:37 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/01/03 09:35:32 | 000,000,000 | ---- | M] () -- C:\palsound.txt
[2005/11/23 15:46:42 | 000,001,385 | ---- | M] () -- C:\Recipes.html
[2005/11/23 15:46:42 | 000,001,489 | ---- | M] () -- C:\Search.html
[2005/11/14 20:13:36 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2005/11/23 15:46:42 | 000,001,733 | ---- | M] () -- C:\Wedding.html
[2008/08/13 18:47:13 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpi pelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.d ll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

[Active] Problems running programs and internet

KazuoKiriyama77 — Tue, 31 Aug 2010 23:44:35 GMT

Hello again Broni.

Computer has problems with Chrome and running anything smoothly including City of Heroes, Firefox, and AVG. I made my attempt to fix the problem. Looks like I need a pro. I get an application failure upon start up. These problems are less than 24 hour new. GMER was running and caused windows to crash and reboot. No log could be found.

OTL logfile created on: 8/31/2010 4:28:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Timothy Hayes\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 138.85 Gb Free Space | 29.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAZUO-KIRIYAMA
Current User Name: Timothy Hayes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/31 16:27:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Hayes\My Documents\Downloads\OTL.exe
PRC - [2010/08/30 09:27:58 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/08 08:45:21 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/15 10:48:27 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler. exe
PRC - [2009/12/18 22:04:18 | 001,824,040 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam 2.4\ManyCam.exe
PRC - [2009/11/15 12:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/08/22 09:43:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 09:43:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions (TM)) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

========== Modules (SafeList) ==========

MOD - [2010/08/31 16:27:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Hayes\My Documents\Downloads\OTL.exe
MOD - [2010/08/31 16:22:46 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010/08/29 12:31:35 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\system32\drwtmem.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/22 09:43:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/10 13:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 13:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/10 13:23:38 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/04 11:57:38 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2010/03/26 18:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/15 23:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt)
DRV - [2009/08/22 09:43:45 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 09:43:45 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 11:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/10 13:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/05/07 12:21:53 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/20 13:35:26 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/09/11 04:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 04:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/05 05:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpn311.sys -- (AR5211)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003/06/11 15:00:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1130Vid.sys -- (P1130VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyServer" = http=71.6.139.135:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: performeroptimum@livejasmin.com:3.1.5.5
FF - prefs.js..extensions.enabledItems: {93AC5297-EC57-4B82-9675-E3658FA44711}:1.0
FF - prefs.js..extensions.enabledItems: {C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}:1.9.1
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{93AC529 7-EC57-4B82-9675-E3658FA44711}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{93AC5297-EC57-4B82-9675-E3658FA44711}\ [2009/01/07 12:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C8B0FA0 4-8CC9-406F-A0CF-D2D1AAACDFDB}: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\{C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}\ [2010/08/29 12:36:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 09:28:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 09:28:10 | 000,000,000 | ---D | M]

[2009/02/17 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Extensions
[2009/02/17 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Extensions\contact@callgraph.in
[2010/04/17 02:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\exten sions
[2010/03/01 13:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\exten sions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 02:24:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\exten sions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/01 13:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\acwd192g.Kazuo\exten sions\staged-xpis
[2010/08/30 13:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions
[2010/08/30 09:28:39 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/05/01 20:20:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 20:20:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/17 02:24:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/01 12:49:51 | 000,000,000 | ---D | M] (MidnightFox) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2010/03/01 12:49:49 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/08/30 09:28:40 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/30 09:28:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/30 09:28:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/01 20:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\firedownload@mozilla.org
[2010/03/11 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\performeroptimum@livejasmin.com
[2010/08/30 09:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\tineye@ideeinc.com
[2009/02/10 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\ultimatemyspacetoolbar@me.dium.com
[2010/03/01 12:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions
[2010/03/01 12:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\ext ensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}\chrome\mozapps\extensions\CVS
[2009/12/01 11:50:20 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Mozilla\Firefox\Profiles\vhc11xtm.default\sea rchplugins\MySpace.xml
[2010/08/30 13:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/07/25 01:45:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInsta nce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vcekelaguzeya] C:\WINDOWS\obeliroquqof.DLL File not found
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 12:58:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: caclatch - (C:\WINDOWS\system32\drwtmem.dll) - C:\WINDOWS\system32\drwtmem.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/29 12:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\{C8B0FA04-8CC9-406F-A0CF-D2D1AAACDFDB}
[2010/08/26 23:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Chit Chat For Facebook
[2010/08/26 23:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2010/08/20 00:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\My Documents\The Morbid Chronicles
[2010/08/15 11:17:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/08/15 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\Microsoft Corporation
[2010/08/15 11:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/08/15 00:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2010/08/11 23:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Timothy Hayes\Desktop\Unused Desktop Shortcuts
[2010/08/04 02:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/07/28 12:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\PunkBuster
[2010/07/28 03:11:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Timothy Hayes\Recent
[2010/07/23 13:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/23 13:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2010/07/21 22:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Desktop\Cinema Snob
[2010/07/18 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\AIM
[2010/07/18 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/07/18 21:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/07/18 21:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/07/12 02:19:46 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/12 02:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/12 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/12 02:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Hayes\Application Data\Real
[2010/06/17 16:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\CohBeta

========== Files - Modified Within 90 Days ==========

[2010/08/31 16:31:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\vvypl.sys
[2010/08/31 16:22:52 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/31 16:22:45 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2010/08/31 16:22:41 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/08/31 16:22:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/08/31 16:22:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/31 16:20:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/31 16:20:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 16:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 15:43:35 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Timothy Hayes\NTUSER.DAT
[2010/08/31 15:43:24 | 004,843,292 | -H-- | M] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\IconCache.db
[2010/08/31 15:22:54 | 064,139,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/31 15:01:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-261478967-839522115-1004UA.job
[2010/08/31 14:53:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/31 14:07:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Timothy Hayes\ntuser.ini
[2010/08/31 14:06:52 | 000,000,696 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/31 14:06:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/31 14:06:52 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2010/08/31 13:13:05 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/31 13:06:23 | 000,290,829 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1283283165744.jpg
[2010/08/30 20:01:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-261478967-839522115-1004Core.job
[2010/08/30 10:16:43 | 000,052,404 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Panyasee.jpg
[2010/08/29 23:21:11 | 029,262,725 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\xvideos.com_407355dd0b9c087908278364 7edaf5dc.wmv
[2010/08/29 23:11:28 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Google Chrome.lnk
[2010/08/29 23:11:28 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/29 23:10:25 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Usemeriwedoke.dat
[2010/08/29 12:36:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lbolihe.bin
[2010/08/29 12:31:35 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\System32\drwtmem.dll
[2010/08/28 16:04:19 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 23:45:45 | 080,480,608 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Avenged Sevenfold - Nightmare (2010).rar
[2010/08/22 23:26:24 | 000,019,510 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1282543169738.jpg
[2010/08/22 13:15:19 | 000,032,564 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Dark Steel PSD.jpg
[2010/08/21 22:59:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/21 13:52:06 | 000,070,788 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\THE MORBID CHRONICLES.jpg
[2010/08/18 21:23:34 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\City of Heroes & Villains.lnk
[2010/08/12 21:17:57 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to iTunes.lnk
[2010/08/12 03:26:25 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:08:31 | 000,497,192 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:08:31 | 000,437,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:08:31 | 000,070,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/09 09:27:20 | 006,039,585 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\01.Nightmare.mp3
[2010/07/28 12:16:01 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/28 12:15:52 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/07/28 12:13:53 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\PnkBstrK.sys
[2010/07/28 12:13:35 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/28 10:14:35 | 000,254,848 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\cc_20100728_101426.reg
[2010/07/28 01:24:44 | 000,000,089 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/23 13:56:08 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/20 18:18:15 | 000,010,853 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Riddle me this.docx
[2010/07/18 21:25:49 | 000,001,396 | -H-- | M] () -- C:\IPH.PH
[2010/07/18 21:25:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/12 02:13:43 | 000,006,914 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Cinema Snob.m3u
[2010/06/27 00:34:46 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to screenshots.lnk
[2010/06/17 00:07:49 | 000,011,145 | ---- | M] () -- C:\Documents and Settings\Timothy Hayes\My Documents\All Same.docx

========== Files Created - No Company Name ==========

[2010/08/31 13:06:23 | 000,290,829 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1283283165744.jpg
[2010/08/31 00:18:18 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Mozilla Firefox.lnk
[2010/08/30 10:16:41 | 000,052,404 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Panyasee.jpg
[2010/08/29 23:20:07 | 029,262,725 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\xvideos.com_407355dd0b9c087908278364 7edaf5dc.wmv
[2010/08/29 23:11:28 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Google Chrome.lnk
[2010/08/29 23:11:28 | 000,002,334 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/29 12:36:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Usemeriwedoke.dat
[2010/08/29 12:36:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lbolihe.bin
[2010/08/29 12:31:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\vvypl.sys
[2010/08/29 12:31:35 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\drwtmem.dll
[2010/08/29 12:31:31 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\hngmfc.dat
[2010/08/28 16:07:06 | 006,039,585 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\01.Nightmare.mp3
[2010/08/26 23:41:29 | 080,480,608 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Avenged Sevenfold - Nightmare (2010).rar
[2010/08/22 23:26:24 | 000,019,510 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\1282543169738.jpg
[2010/08/22 13:15:19 | 000,032,564 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Dark Steel PSD.jpg
[2010/08/21 13:52:06 | 000,070,788 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\THE MORBID CHRONICLES.jpg
[2010/08/12 21:17:57 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to iTunes.lnk
[2010/08/03 03:01:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/28 12:15:52 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/07/28 12:13:54 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/28 12:13:53 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\PnkBstrK.sys
[2010/07/28 12:13:36 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/07/28 12:13:35 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/07/28 12:13:35 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/07/28 10:14:28 | 000,254,848 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\cc_20100728_101426.reg
[2010/07/20 18:18:14 | 000,010,853 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Riddle me this.docx
[2010/07/18 21:25:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/07/12 02:21:05 | 000,000,089 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/12 02:20:37 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/07/12 02:20:36 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-1004.job
[2010/07/12 02:13:43 | 000,006,914 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\Cinema Snob.m3u
[2010/06/27 00:34:46 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Desktop\Shortcut to screenshots.lnk
[2010/06/18 04:53:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/17 00:07:49 | 000,011,145 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\My Documents\All Same.docx
[2010/02/10 08:26:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mszuc-oid.dll
[2010/01/02 05:46:16 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/01/02 05:46:08 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/01/02 04:39:58 | 000,172,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009/07/23 16:35:53 | 000,001,408 | ---- | C] () -- C:\Program Files\amtffd.txt
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/11 10:53:52 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/06/11 10:53:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/05/11 09:42:02 | 000,009,843 | ---- | C] () -- C:\WINDOWS\System32\mswun-oie.dll
[2009/01/06 09:35:13 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mszunaerr.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/11 23:47:06 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/07/11 23:47:06 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/07/11 23:47:06 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/07 12:21:52 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/06 00:17:37 | 000,000,168 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2007/12/25 19:26:02 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/25 03:34:33 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/23 23:04:12 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Timothy Hayes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/28 09:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/08/07 12:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========

[2008/11/19 23:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/03/20 21:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/07/18 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/08/27 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/06/24 18:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Labs
[2009/05/17 08:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/03/31 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/03 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/26 00:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/11 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/02 05:32:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{56FC2B0D-3D08-45E7-B370-9A9DACA17E2F}
[2010/03/11 18:33:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\.#
[2007/12/29 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\acccore
[2009/07/05 11:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\BitTorrent
[2008/02/05 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\DNA
[2008/02/05 16:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\fizzy
[2009/05/06 15:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Gmote
[2010/01/31 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\ManyCam
[2008/02/12 10:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Opera
[2008/11/02 23:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\SPORE
[2008/07/23 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\SPORE Creature Creator
[2010/01/02 05:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\Stardock
[2010/08/29 12:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Hayes\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/12/20 12:58:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/26 17:23:08 | 000,000,281 | ---- | M] () -- C:\boot-orig.ini
[2009/04/28 01:40:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/31 14:06:52 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2009/07/26 00:41:42 | 000,009,148 | ---- | M] () -- C:\Bug.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/07/25 01:49:12 | 000,021,364 | ---- | M] () -- C:\ComboFix.txt
[2007/12/20 12:58:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/03/20 21:57:05 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009/04/28 01:54:48 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/12/20 12:58:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/18 21:25:49 | 000,001,396 | -H-- | M] () -- C:\IPH.PH
[2009/07/26 00:47:15 | 000,010,652 | ---- | M] () -- C:\JavaRa.log
[2007/12/20 12:58:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/21 03:18:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 16:25:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/17 21:47:38 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/06/17 21:47:39 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/08/31 16:20:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/02/06 01:55:57 | 000,002,126 | ---- | M] () -- C:\rapport.txt
[2009/07/26 00:41:42 | 000,000,233 | ---- | M] () -- C:\Start_.cmd
[2010/08/31 16:20:45 | 000,000,627 | ---- | M] () -- C:\sti.log
[2010/03/18 20:01:17 | 000,155,648 | -H-- | M] () -- C:\SZKGFS.dat
[2008/08/02 10:39:59 | 000,009,078 | ---- | M] () -- C:\WoGDebug1.txt
[2007/12/21 03:10:00 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpi pelineprintproc.dll
[2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha .dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr .dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/12/20 20:44:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/20 20:44:07 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/20 20:44:07 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0yEH2Q4Hp >
Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0yEH2Q4Hp

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071

< End of report >

Attached Files

mbam-log-2010-08-31 (15-43-02).txt (2.2 KB)

avast

norman — Tue, 31 Aug 2010 02:54:55 GMT

Broni, is this a good anti-virus? Just curious because I have found that back in 2006 I bought a lifetime full and unlimited access for the pro version of this software.

[Active] Winlogon.exe problem

ramesh help — Mon, 30 Aug 2010 01:30:38 GMT

to remove autorun viruses and also a virus called winlogon.exe which closes the task manager within 2secs or when u open any folders and it closes the same timings.. what can be done?? i tried scanning with antiviruses it doesnt open n doesnt scan because it closes within 2secs.. anyways i am just asking for because many of my firnds computer is affected with that... n also i had to remove it manually through safe mode n it did.. but then is there software to remove it auto??

ALSO there is WINS folder creating all over the pendrive or hard disk.. also when one file is opened in the pendrive.. there are only shortcuts instead of the main folder. to open the main folder, i had to adjust the folder options through the tools and show the unhiden option and also some other options.. is there any way for opening this.. all the shortcut files are in ".exe" extention format. once option, it either attacks the computer or it doesnt open the file.

for yr info.. example files inside the folders are like word, excel and others

[Resolved] Google redirect

RobMoore — Sun, 29 Aug 2010 22:51:54 GMT

Here are my logs
Malewarebytes first.
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4504

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

29/08/2010 23:08:26
mbam-log-2010-08-29 (23-08-26).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 214810
Time elapsed: 37 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------
MBR Check
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA0A8000 lkitsbww.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0B8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0C8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0D8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9F06000 nvgts.sys
0xB9EEE000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECE000 fltmgr.sys
0xBA108000 Lbd.sys
0xB9EB7000 KSecDD.sys
0xB9EA4000 WudfPf.sys
0xB9E17000 Ntfs.sys
0xB9DEA000 NDIS.sys
0xB9DD0000 Mup.sys
0xBA318000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8B19000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8B05000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8AE1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA158000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA178000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8ABE000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8A96000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA774000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8A7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8A6E000 \SystemRoot\system32\DRIVERS\psched.sys
0xB96CE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB96BE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8A10000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DAC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB5E06000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA614000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB31E6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAD5BB000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAD597000 \SystemRoot\system32\drivers\portcls.sys
0xAF41D000 \SystemRoot\system32\drivers\drmk.sys
0xAD55E000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xAD52B000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xBA64C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAEFE2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA64E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
0xBA650000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA652000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAEC28000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAEC20000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB149A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD3E7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD38E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAF068000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD340000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAD318000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF058000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB1482000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAD2F6000 \SystemRoot\System32\drivers\afd.sys
0xAF048000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAD2D1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xAEC18000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAD2A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD236000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF038000 \SystemRoot\System32\Drivers\Fips.SYS
0xAEC10000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB147E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAF028000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAEC98000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD58F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAAB8B000 \SystemRoot\System32\Drivers\aswSP.SYS
0xAC477000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB2DA1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA784E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA7141000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7832000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7731000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA68E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB86A0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAECA4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6EA1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA6CFC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3A46000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6B67000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6B16000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB5D2D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA6A97000 \SystemRoot\system32\DRIVERS\srv.sys
0xA647F000 \SystemRoot\System32\Drivers\HTTP.sys
0xAC48F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA61FF000 \SystemRoot\system32\drivers\kmixer.sys
0xA6025000 \??\C:\DOCUME~1\Rob's\LOCALS~1\Temp\pxtdrpow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1052 C:\Program Files\Windows Defender\MsMpEng.exe
1092 C:\WINDOWS\system32\svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1300 svchost.exe
1440 svchost.exe
1664 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1684 C:\WINDOWS\explorer.exe
1760 C:\WINDOWS\RTHDCPL.exe
1784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1840 C:\WINDOWS\system32\rundll32.exe
1848 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1876 E:\Program Files\Logitech\SetPoint\KEM.exe
480 C:\WINDOWS\system32\spoolsv.exe
1904 svchost.exe
1860 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
604 C:\Program Files\Java\jre6\bin\jqs.exe
656 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
1040 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
1356 C:\WINDOWS\system32\nvsvc32.exe
1400 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
2732 alg.exe
2740 C:\WINDOWS\system32\wscntfy.exe
3128 C:\WINDOWS\system32\svchost.exe
3496 C:\Program Files\Mozilla Firefox\firefox.exe
1572 C:\Documents and Settings\Rob's\My Documents\gfw2d9fo.exe (this is GMER)
3888 C:\Documents and Settings\Rob's\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000008`bd922600 (NTFS)

PhysicalDrive2 Model Number: SAMSUNGSP2504C, Rev: VT100-50
PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
PhysicalDrive1 Model Number: Maxtor6E040L0, Rev: NAR61590

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
38 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
-----------------------------
GMER
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-29 23:44:04
Windows 5.1.2600 Service Pack 3
Running: gfw2d9fo.exe; Driver: C:\DOCUME~1\Rob's\LOCALS~1\Temp\pxtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAB93CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAB93B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAAB94142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAB9406C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAB93764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAB93C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAB936A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAB93708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAB93D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAAB94210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAB93D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAB93EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAABA0B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAABA09C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAABA0AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AABA0AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP AABA09C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP AAB9C5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP AAB9DF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP AABA0BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? lkitsbww.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8B19360, 0x3535DF, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA6B16300, 0x22020, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB5D2D300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1020] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

will add the last one soon

[Resolved] ProfileCnt.exe Error

autumnfrigger — Sat, 28 Aug 2010 03:08:06 GMT

Hello,

Every time we start the computer, we get an error that says "ProfileCnt.exe has encountered a problem and needs to close".

I do not know what is causing it or what it is. A google search offered no help. I posted earlier today under Windows XP Help, and got referred to post over here. If the problem is not being caused by Malware/Spyware, etc. please let me know where to look next because I have no clue what this is.

By the way, prior to coming along your Malware/Spyware instructions I had updated & ran Spybot, Malwarebytes, and a boot time scan on Avast. All 3 came up clean. Here are my results from the requested scans:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4483

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/26/2010 11:02:01 AM
mbam-log-2010-08-26 (11-02-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 178139
Time elapsed: 49 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-27 21:27:49
Windows 5.1.2600 Service Pack 3
Running: rh1ey0kl.exe; Driver: C:\DOCUME~1\Mom\LOCALS~1\Temp\fxrdypod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8A44CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8A44B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA8A45142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8A4506C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8A44764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8A44C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8A446A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8A44708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8A44D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA8A45210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8A44D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8A44EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA8A51B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA8A519C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA8A51AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A8A51AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A8A519C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A8A4D5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A8A4EF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A8A51BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1736] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat A75FDD20
Device \FileSystem\Fastfat \Fat A76019F2

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA338000 cercsr6.sys
0xB9F19000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EF9000 fltmgr.sys
0xB9EE7000 sr.sys
0xB9ED0000 KSecDD.sys
0xB9E43000 Ntfs.sys
0xB9E16000 NDIS.sys
0xB9DFC000 Mup.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9271000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB925D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9239000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9211000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB91FD000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB91E9000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB9198000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9175000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA590000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA318000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB915E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA128000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA138000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB914D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA148000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA158000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB90EF000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA8DC8000 \SystemRoot\system32\drivers\sthda.sys
0xA8DA4000 \SystemRoot\system32\drivers\portcls.sys
0xBA1A8000 \SystemRoot\system32\drivers\drmk.sys
0xA8D70000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA8C7E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA8BCB000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA418000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7D4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xBA5DC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8B70000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8B17000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA1B8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8AF1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8AA1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8A7F000 \SystemRoot\System32\drivers\afd.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8A54000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA89E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xA89BD000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA570000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA460000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA897C000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0xBA470000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA8942000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0xBA5E8000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0xBA238000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA892A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8FE6000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA488000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6AE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xA885E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA87FA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA87F6000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\wlndis50.sys
0xA84B3000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7DCE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7D91000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7F73000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7A8A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7DBE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA77F1000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA4A8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
440 C:\WINDOWS\system32\smss.exe
648 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
888 C:\WINDOWS\system32\svchost.exe
936 svchost.exe
976 C:\WINDOWS\system32\svchost.exe
1108 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1204 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1300 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
1352 svchost.exe
1512 svchost.exe
1588 C:\WINDOWS\explorer.exe
1740 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1928 unsecapp.exe
2004 wmiprvse.exe
252 C:\WINDOWS\OEM02Mon.exe
268 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
360 C:\WINDOWS\system32\hkcmd.exe
368 C:\WINDOWS\system32\igfxpers.exe
340 C:\WINDOWS\stsystra.exe
380 C:\Program Files\Dell\QuickSet\quickset.exe
456 C:\WINDOWS\system32\igfxsrvc.exe
424 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
500 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
544 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
108 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1068 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1364 C:\WINDOWS\system32\ctfmon.exe
1500 C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
540 C:\WINDOWS\system32\wbem\unsecapp.exe
2152 C:\WINDOWS\system32\spoolsv.exe
2228 svchost.exe
3984 C:\Program Files\iWin Games\iWinTrusted.exe
4016 C:\Program Files\Java\jre6\bin\jqs.exe
4040 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
388 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1424 C:\WINDOWS\system32\svchost.exe
3244 C:\WINDOWS\system32\wuauclt.exe
3140 alg.exe
2340 C:\Program Files\Mozilla Firefox\firefox.exe
3292 C:\Documents and Settings\Mom\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

OTL logfile created on: 8/27/2010 9:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.89 Gb Total Space | 122.25 Gb Free Space | 85.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOLITOR
Current User Name: Mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/27 21:36:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:58:12 | 000,364,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2010/03/05 09:57:28 | 001,396,736 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 06:43:00 | 000,634,880 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2007/07/03 13:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/05/06 17:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/08/27 21:36:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\026910~1.EXE -- (0269101282058365mcinstcleanup) McAfee Application Installer Cleanup (0269101282058365)
SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspn et_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/03/05 09:58:12 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/31 11:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 16:02:02 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/07/19 00:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/05/16 18:14:58 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/10 01:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/06 17:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 06:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e3436 7-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/07/12 09:58:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 14:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 23:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 20:33:21 | 000,000,000 | ---D | M]

[2010/04/18 22:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2010/07/08 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\uqe0msya.default\ext ensions
[2010/08/27 10:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 23:47:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 15:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/08 11:24:27 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/17 10:18:23 | 000,416,619 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1271648031015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/18 21:52:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 21:36:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2010/08/27 09:29:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent
[2010/08/25 07:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Skip-Bo
[2010/08/24 17:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/08/24 17:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/20 18:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/08/17 16:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Apple Computer
[2010/08/17 16:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/17 16:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/17 16:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/17 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/17 16:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/08/15 18:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\RunningPillow
[2010/08/15 18:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\KingsSmith
[2010/08/13 21:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/13 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zortam Mp3 Media Studio
[2010/08/05 13:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Word 3
[2010/07/26 10:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Flash-Creator 1
[2010/07/23 18:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\pixelStorm
[2010/07/15 00:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\TRENDnet
[2010/07/14 23:58:06 | 000,264,576 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8187B.sys
[2010/07/14 12:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Trendnet
[2010/07/12 19:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/07/12 19:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/07/12 19:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Intel
[2010/07/12 19:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/07/12 19:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/07/12 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/07/12 09:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Inpaint
[2010/07/08 17:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\PlayFirst
[2010/07/08 17:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/30 01:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/06/30 01:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/30 01:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iWin.com
[2010/06/30 01:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/06/29 10:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
[2010/06/29 10:30:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/24 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Web Page Maker
[2010/06/24 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Web Page Maker
[2010/06/24 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2010/06/24 10:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Web Page Maker
[2010/06/11 01:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\HdO Adventure
[2010/06/10 16:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/08 10:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/02 12:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Splenda

========== Files - Modified Within 90 Days ==========

[2010/08/27 21:36:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2010/08/27 21:33:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/27 21:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 21:33:00 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 21:30:24 | 007,000,064 | ---- | M] () -- C:\Documents and Settings\Mom\ntuser.dat
[2010/08/27 21:30:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mom\ntuser.ini
[2010/08/26 10:05:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/25 23:39:29 | 002,041,765 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\Sony Receiver Manual.pdf
[2010/08/24 17:22:15 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2010/08/20 18:13:32 | 000,527,336 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/20 18:13:32 | 000,446,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/20 18:13:32 | 000,071,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/17 10:18:23 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/12 11:21:02 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100817-101823.backup
[2010/08/12 00:05:27 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/05 13:23:03 | 000,075,776 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/07/16 22:56:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/15 00:25:49 | 005,856,040 | -H-- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\IconCache.db
[2010/07/14 12:44:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/11 16:51:01 | 000,000,479 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010/07/08 19:08:21 | 000,411,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100812-112102.backup
[2010/06/30 01:15:50 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2010/08/25 23:39:29 | 002,041,765 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\Sony Receiver Manual.pdf
[2010/08/17 16:06:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 20:55:10 | 000,131,176 | ---- | C] () -- C:\WINDOWS\System32\mp3gain.exe
[2010/08/13 20:55:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2010/08/13 20:55:09 | 000,580,096 | ---- | C] () -- C:\WINDOWS\System32\lame.exe
[2010/08/13 20:55:09 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/08/13 20:55:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\Mp3Ctrl.dll
[2010/07/26 10:31:47 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/07/15 00:51:12 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
[2010/07/14 23:58:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/07/13 23:12:00 | 007,000,064 | ---- | C] () -- C:\Documents and Settings\Mom\ntuser.dat
[2010/07/11 16:37:47 | 000,000,479 | ---- | C] () -- C:\WirelessDiagLog.csv
[2010/07/08 19:16:33 | 2137,038,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 01:15:49 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk
[2010/05/13 12:57:04 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 12:56:06 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/04/21 12:56:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010/04/18 22:07:39 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

========== LOP Check ==========

[2010/04/18 22:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/30 02:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/05/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/06/30 01:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/05/10 02:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/07/08 17:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/08/20 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/08/20 14:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/26 12:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010/06/24 10:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2010/05/24 04:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/28 02:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Fuel Industries
[2010/05/03 01:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GTM_Bodie
[2010/06/11 01:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\HdO Adventure
[2010/05/28 12:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MBT
[2010/05/10 02:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Merscom
[2010/07/23 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\pixelStorm
[2010/07/08 17:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PlayFirst
[2010/08/15 18:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\RunningPillow
[2010/08/25 07:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Skip-Bo
[2010/04/21 12:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SystemRequirementsLab
[2010/04/26 12:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\UClick
[2010/05/24 10:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Ultima Website
[2010/06/24 10:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Web Page Maker
[2010/05/19 11:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\YCanPDF

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/04/18 21:52:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/18 21:46:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/18 21:52:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/03 15:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2010/08/27 21:33:00 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/18 21:52:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/02 19:32:53 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/04/18 21:52:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/18 23:58:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/27 21:32:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/11 16:51:01 | 000,000,479 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/04/18 16:37:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/04/18 16:37:45 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/04/18 16:37:45 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A37FCC3
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FDCA119
< End of report >

OTL Extras logfile created on: 8/27/2010 9:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.89 Gb Total Space | 122.25 Gb Free Space | 85.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOLITOR
Current User Name: Mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72B1C9BA-16C8-4800-B804-FEEFF087C2BD}_is1" = King's Smith 1.0
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9CB8279B-F11B-437C-AC58-C91AA3482F8D}" = Intel(R) PROSet/Wireless WiFi Software
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"amg-alohasolitaire" = Aloha Solitaire
"amg-campfirelegendsthehookman" = Campfire Legends - The Hookman
"amg-familymysterythestoryofamy" = Family Mystery - The Story of Amy
"amg-ghosttownmysteriestmbodie" = Ghost Town Mysteries(TM) - Bodie
"amg-habitatrescuetmlionspride" = Habitat Rescue(TM) - Lion's Pride
"amg-hollywoodthedirectorscut" = Hollywood - The Director's Cut
"amg-hostilemakeoverafashionmurdermysterygame" = Hostile Makeover - A Fashion Murder Mystery Game
"amg-matchmakerjoininghearts" = Matchmaker - Joining Hearts
"amg-milliondollarpassword2009edition" = Million Dollar Password 2009 Edition
"amg-rainforestadventure" = Rainforest Adventure
"amg-skipbocastawaycapertm" = SKIP-BO Castaway Caper(TM)
"amg-sunsetstudiodeluxe" = Sunset Studio Deluxe
"amg-theconjurer" = The Conjurer
"amg-thetreasuresofmontezuma2" = The Treasures of Montezuma 2
"amg-winemakerextraordinaire" = Winemaker Extraordinaire
"amg-wordtravels" = Word Travels
"Atmosphere Lite Plus_is1" = Atmosphere Lite Plus v6.0
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F10 00F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"CUZ4_is1" = CAM UnZip 4.42
"Farm Frenzy 3" = Farm Frenzy 3 (remove only)
"Flash-Creator 1" = Flash-Creator 1
"ie8" = Windows Internet Explorer 8
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"IrfanView" = IrfanView (remove only)
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PDF to Word 3" = PDF to Word 3
"PDFZilla_is1" = PDFZilla V1.2.9
"ProInst" = Intel PROSet Wireless
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Ultima Website_is1" = Ultima Website 1.7
"Web Page Maker_is1" = Web Page Maker V3.21
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 11.10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2010 4:39:59 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 4:42:15 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 4:46:19 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 4:58:58 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 5:01:25 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 5:07:20 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 5:18:55 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 5:23:20 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application inpaint.exe, version 2.4.0.0, faulting module
inpaint.exe, version 2.4.0.0, fault address 0x000035a7.

Error - 8/27/2010 9:26:33 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 8/27/2010 10:33:21 PM | Computer Name = MOLITOR | Source = Application Error | ID = 1000
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

[ System Events ]
Error - 8/27/2010 9:24:57 PM | Computer Name = MOLITOR | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/27/2010 9:24:57 PM | Computer Name = MOLITOR | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly.
It has done this 1 time(s).

Thank you in advance for your assistance!

[Resolved] Trojans found by Dr.Webb CureIT

norman — Thu, 26 Aug 2010 03:04:09 GMT

Hello Broni, I am working on my ex-mother-in-laws computer that was infected (I think is still infected) with # of Trojans. When I first got there to aid in removing the infected computer I could not execute any type of, anti-virus, malwarebytes, Dr.Webb. So, I download the latest Dr. Webb and run it from safe mode. (the only way you could run anything). It found 16 different Trojans ranging from, backdoor to others.

Now, it will allow to run Malwarebytes, Dr. Webb but, we are getting this Message "Generic Host Process for Win32 services as encounter a problem" and can't log on the internet or update malwarebytes, or her anti-Virus (Avira) So, I think she stills has corrupt files so where do I go from here? Recovery Console? help please thanks :D

[Active] can any one help

ghannami — Wed, 25 Aug 2010 13:22:17 GMT

Logfile of Trend Micro HijackThis v2.0.2

[HJT log removed - Broni]

[Active] Can you tell me if I'm infected?

lamaline — Tue, 24 Aug 2010 13:48:58 GMT

Hello
Here is a recent log file I've run with highjackthis. My computer lags and it's probably a virus.
You guys let me know what to do. Thank you very much - Carine.
----

[Inactive] Threats in registry\system files

barnii — Mon, 23 Aug 2010 20:28:48 GMT

My system has crashed to blue screen several times. Info given: minidump 08211-2537501
plus other 12 digit codes. Also local\temp\wer- 70468- sys data. Im surprised i have'nt crashed whilst writing this.

[Resolved] need to check if virus is present

ramesh help — Sun, 22 Aug 2010 11:04:29 GMT

neal, how are you? its been a long time since i have posted anything in this website :)

I would like to know if i have viruses running in my computer. i noticed that my system is running slow, and sometimes its hanging while running applications. it happens sometimes only. also when i load up my computer, the process space taken is more then 500mb when loading itsself to the desktop. Please check and let me know what to do. thanks

this is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:34 PM, on 8/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Tata Photon Whiz\Tata Photon Whiz.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = NuevaQ.Fm Donde Manda Nuestra Cumbia
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NuevaQ.Fm Donde Manda Nuestra Cumbia
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NuevaQ.Fm Donde Manda Nuestra Cumbia
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = NuevaQ.Fm Donde Manda Nuestra Cumbia
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O4 - HKLM\..\Run: [Aide] "C:\Program Files (x86)\Tata Photon Whiz\Aide.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Pl ugin.exe -update plugin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F50BC3A-4E7D-4EDB-BD90-88B2C73AC029}: NameServer = 121.242.190.180 121.242.190.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1225EE1-C74C-4A01-B42F-9C59AA2F44BA}: NameServer = 10.28.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8590 bytes

[Inactive] viras problem

gooners500 — Sat, 21 Aug 2010 11:15:06 GMT

Hi
has anyone come across this have picked up a virus claims to be a security site tries to tell me i have been infected with everything tries to log me onto three or four porno sites strangely for a security site ?? but windows then stops me trying to kill it by telling me all my security is infected so far only on one user on my pc but can not get rid of it so am afraid it will spread dont want to have to reset!!!!help

[Inactive] Google results redirected to ads

llee824 — Fri, 20 Aug 2010 07:31:58 GMT

Hi all,

Like many others, I'm having the google results being redirected to random ad problems too. The following are the results to my scans.

[Inactive] Redirecting in firefox

racethetrain — Tue, 17 Aug 2010 16:41:57 GMT

first off I'm using windows 7.

I had the stupid Anti-malware doctor episode yesterday, I got that fixed but now anytime I click on a link from a search site, I get redirected to any number of stupid sites. If I type the direct address of the site I want to go to it works fine and I can navigate that specific site with its links, but other than that all search links redirect me.

I have :

AVG
Malwarebytes
Hijack this
and ad-aware,

I've ran them all and still I cant get browse properly

any ideas?

[Closed] My last thread was closed

Derucksucks — Mon, 16 Aug 2010 22:28:45 GMT

My "Acting Weird" thread was closed. But I did the CFScript Combofix run and here is there log:

ComboFix 10-08-16.01 - Derick Latimer 08/16/2010 17:25:42.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2006 [GMT -4:00]
Running from: c:\documents and settings\Derick Latimer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Derick Latimer\Desktop\CFScript.txt
* Resident AV is active

FILE ::
"c:\windows\system32\ATMPVCNC.dat"
"c:\windows\system32\comuir.dat"
"c:\windows\system32\csrsrga.dat"
"c:\windows\system32\dswavj.dat"
"c:\windows\system32\mdimopqt.dat"
"c:\windows\system32\qmgrpsxy.dat"
"c:\windows\SYSTEM32\qmgrpsxy.ocx"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Derick Latimer\Local Settings\Application Data\jhvsbc
c:\documents and settings\Derick Latimer\Local Settings\Application Data\jhvsbc\fqjdei.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\cxpwcrxec
c:\windows\settings.reg

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-04 01:59 . 2010-08-16 21:14 214 ----a-w- c:\windows\system32\insewgjm.dat
2010-08-04 01:59 . 2010-08-16 21:14 214 ----a-w- c:\windows\system32\ialmuPTm.dat
2010-07-29 20:44 . 2010-08-16 21:13 0 ----a-w- c:\windows\system32\ialmunUS.dat
2010-07-29 19:25 . 2010-08-16 21:24 602 ----a-w- c:\windows\system32\rassdpi.dat
2010-07-29 19:25 . 2010-08-16 21:24 4364 ----a-w- c:\windows\system32\KBDCY2IR.dat
2010-07-29 19:25 . 2010-08-16 21:23 0 ----a-w- c:\windows\system32\SYSIWV.dat
2010-07-29 19:25 . 2010-08-04 01:59 317 ----a-w- c:\windows\system32\MFC4VVR.dat
2010-07-20 18:53 . 2010-07-20 18:53 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-20 14:50 . 2010-07-20 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-07-19 00:36 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-07-23 19:57 . 2008-04-24 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-20 19:02 . 2005-01-11 22:20 -------- d-----w- c:\program files\iTunes
2010-07-20 19:00 . 2005-01-11 22:16 -------- d-----w- c:\program files\iPod
2010-07-20 19:00 . 2007-07-27 16:54 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 18:29 . 2009-04-15 04:38 256 ----a-w- c:\windows\system32\pool.bin
2010-07-20 14:50 . 2009-04-15 04:28 -------- d-----w- c:\program files\Research In Motion
2010-07-20 14:50 . 2009-04-15 04:38 -------- d-----w- c:\documents and settings\Derick Latimer\Application Data\Research In Motion
2010-07-19 03:23 . 2008-01-24 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-06 17:13 . 2007-12-30 19:02 -------- d-----w- c:\documents and settings\Derick Latimer\Application Data\LimeWire
2010-07-06 17:04 . 2003-06-07 04:32 -------- d-----w- c:\program files\Bonjour
2010-06-22 00:27 . 2008-10-03 03:47 -------- d-----w- c:\documents and settings\Derick Latimer\Application Data\Skype
2010-06-21 20:02 . 2008-10-03 03:48 -------- d-----w- c:\documents and settings\Derick Latimer\Application Data\skypePM
2010-06-21 15:58 . 2010-06-21 15:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-18 17:22 . 2009-10-27 15:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-18 17:22 . 2010-06-18 22:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-18 17:20 . 2010-06-18 17:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-18 16:20 . 2004-09-07 15:00 -------- d-----w- c:\program files\Lavasoft
2010-06-18 16:19 . 2010-06-11 15:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-18 16:19 . 2008-02-26 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-18 15:16 . 2009-03-17 20:09 -------- d-----w- c:\program files\Logitech
2010-06-14 14:31 . 2004-03-19 22:37 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\mf c4vvr]
@="{9F69A6F5-AD41-391E-DCB7-F60868BC81AE}"
[HKEY_CLASSES_ROOT\CLSID\{9F69A6F5-AD41-391E-DCB7-F60868BC81AE}]
2004-03-19 22:38 139264 ----a-w- c:\windows\SYSTEM32\MFC4VVR.ocx

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\ Flash\FlashUtil10h_Plugin.exe" [2010-06-11 231888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shock wave 8\PostUpdate.exe" [2010-06-18 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Steam\\steamapps\\derick7w7l777\\garrysmod\\h l2.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager .exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/18/2010 1:23 PM 64288]
R1 ElRawDisk;ElRawDisk;c:\windows\SYSTEM32\DRIVERS\dd dsk.sys [2/2/2010 10:31 PM 22312]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service;c:\windows\SYSTEM32\DRIVERS\ts_athw.sys [2/23/2009 9:54 PM 1351008]
S3 US122;US122 Driver;c:\windows\SYSTEM32\DRIVERS\US122.sys [10/6/2008 5:06 PM 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\SYSTEM32\DRIVERS\US122DL.sys [7/30/2004 12:02 PM 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\SYSTEM32\DRIVERS\US122Wdm.sys [10/6/2008 5:06 PM 39168]
S3 XIRLINK;IBM PC Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [10/12/2004 11:18 PM 899884]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [2/3/2010 10:54 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:20]

2010-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-22 18:39]

2010-07-31 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 04:53]

2010-08-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {205FF73B-CA67-11D5-99DD-444553540012} - hxxp://www.funnytaf.com/fun/installer/Install.cab
FF - ProfilePath - c:\documents and settings\Derick Latimer\Application Data\Mozilla\Firefox\Profiles\gi1j5s3x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&quer y=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Derick Latimer\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: f:\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-16 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1110998777-3197101894-3851603869-1006\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{97694FD9-60CA-16BD-C52E-AF566E8F3ABE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-16 17:43:15
ComboFix-quarantined-files.txt 2010-08-16 21:42
ComboFix2.txt 2010-06-23 12:35
ComboFix3.txt 2009-12-18 15:07

Pre-Run: 16,896,802,816 bytes free
Post-Run: 16,990,396,416 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 31A844824F04B0C7B18DF7B7472DBB14

Please let me know if you can still help.

Here's an HJT log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:25 PM, on 8/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
F:\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'Default user')
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Page not found | Facebook
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12340 bytes