Here are my OTListIt logs:
OTListIt logfile created on: 4/5/2009 11:25:14 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.11.0 Folder = C:\Documents and Settings\Helen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 584.07 Mb Available Physical Memory | 57.07% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 141.01 Gb Free Space | 91.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HELEN
Current User Name: Helen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
PRC - C:\Program Files\COMODO\Firewall\cfp.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Helen\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Avgt_as [On_Demand | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (wampmysqld [On_Demand | Stopped]) -- File not found
========== Driver Services (SafeList) ==========
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/07 01:17:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/23 21:53:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 21:11:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 21:11:39 | 00,000,000 | ---D | M]
[2008/07/10 23:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen\Application Data\mozilla\Extensions
[2008/07/10 23:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/04 13:03:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen\Application Data\mozilla\Firefox\Profiles\ul81o9i1.default\extensions
[2008/12/26 23:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen\Application Data\mozilla\Firefox\Profiles\ul81o9i1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/01/10 22:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen\Application Data\mozilla\Firefox\Profiles\ul81o9i1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/04 13:03:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/29 21:11:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/23 21:53:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/30 20:59:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/29 21:11:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 21:11:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/08 20:52:09 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/08 20:52:09 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/08 20:52:09 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/08 20:52:09 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/08 20:52:09 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/08 20:52:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/08 20:52:10 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (304742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10497 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cssdll32.dll) - C:\WINDOWS\system32\cssdll32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[3 C:\WINDOWS\*.tmp files]
[2009/04/05 09:36:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 14:23:15 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen\Desktop\OTListIt2.exe
[2009/04/04 14:23:03 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Rooter.exe
[2009/03/30 23:59:59 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/30 20:58:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/30 13:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen\Application Data\Malwarebytes
[2009/03/30 13:05:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 13:05:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 13:04:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 13:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/30 13:04:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/30 13:04:00 | 02,906,232 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen\Desktop\mbam-setup.exe
[2009/03/26 01:39:58 | 00,448,052 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Jason Mraz - Lucky.mp3
[2009/03/26 01:04:32 | 00,102,648 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\New.mp3
[2009/03/23 23:56:06 | 06,320,244 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\DAY26 - Stadium Music.mp3
[2009/03/23 22:38:21 | 05,595,890 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\The Dream - My Love (Feat. Mariah Carey).mp3
[2009/03/23 22:38:16 | 02,189,280 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Metro Station - Seventeen Forever.mp3
[2009/03/23 22:38:11 | 03,530,969 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Se7en - Them Girls (Feat. Lil Kim).mp3
[2009/03/23 22:37:52 | 02,606,613 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Stereo Skyline - Heartbeat.mp3
[2009/03/22 23:17:06 | 00,001,126 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\fafsaa.rtf
[2009/03/15 22:41:52 | 07,610,783 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Utada Hikaru - Come Back to Me.mp3
[2009/03/15 22:25:56 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\college id.rtf
[2009/03/14 01:20:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen\Desktop\[www.RnB4U.in]10.03.09(2)
[2009/03/11 02:00:07 | 02,260,263 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Escape the Fate - Situations.MP3
[2009/03/11 01:57:14 | 02,412,610 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\The White Tie Affair - Take It Home.MP3
[2009/03/11 01:53:03 | 02,766,516 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Framing Hanley - Alone in This Bed Capeside.MP3
[2009/03/11 01:49:46 | 02,474,676 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\PANIC! at the Disco - But It's Better If You Do.MP3
[2009/03/11 01:45:43 | 02,234,873 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\All Time Low - Poppin' Video Mix.MP3
[2009/03/11 01:43:04 | 02,177,820 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\All Time Low - Coffee Shop Soundtrack.mp3
[2009/03/11 01:40:18 | 03,553,325 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Owl City - The Saltwater Room.mp3
[2009/03/11 01:35:17 | 02,647,085 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\New Found Glory - My Friends Over You.mp3
[2009/03/11 01:32:15 | 01,700,407 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\New Found Glory - Dig My Own Grave.mp3
[2009/03/11 00:12:45 | 02,840,955 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Owl City - Hello Seattle.mp3
[2009/03/11 00:12:40 | 02,786,730 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\The Maine - The Way We Talk.mp3
[2009/03/11 00:10:51 | 08,898,551 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Fall Out Boy - America's Suitehearts.mp3
[2009/03/11 00:10:28 | 04,480,082 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\Jesse McCartney - How Do You Sleep (Feat. Ludacris).mp3
[2009/03/10 22:58:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/09 23:01:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen\Desktop\NDS R4
[2009/03/08 22:25:31 | 00,152,832 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\kdk_0644.jpg
[2009/03/08 22:25:19 | 00,229,912 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\kdk_0643.jpg
[2009/03/08 22:25:05 | 00,226,299 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\kdk_0571.jpg
[2009/03/08 22:24:52 | 00,193,458 | ---- | C] () -- C:\Documents and Settings\Helen\Desktop\kdk_0565.jpg
[2008/09/23 02:14:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2008/09/23 01:58:46 | 00,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/08/06 00:45:24 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/16 00:30:10 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/07/11 16:19:29 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/11 02:04:37 | 00,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/07/10 23:40:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/07/10 23:38:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/07/10 23:38:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/07/10 23:38:04 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/07/10 23:38:04 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/07/10 23:37:19 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/07/10 23:37:18 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/07/10 16:31:15 | 00,458,340 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/07/10 16:31:14 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 05:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/04 05:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/04 05:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/04 05:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/04 05:00:00 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/04 05:00:00 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/04 05:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/04 05:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 05:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2004/08/04 05:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/04 05:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/04 05:00:00 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/04 05:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/04 05:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/04 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/04 05:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/04 05:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/04 05:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/04 05:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/04 05:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/04 05:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/04 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/04 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/04 05:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/04 05:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/04 05:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/04 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/04 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/04 05:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/04 05:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/04 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/04 05:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/04 05:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/04 05:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/08/04 05:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/04 05:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/04 05:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/04 05:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/04 05:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/04 05:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/04 05:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/04 05:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/04 05:00:00 | 00,000,498 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/04 05:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/14 07:00:01 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2001/08/17 15:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/05 11:24:24 | 00,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/05 11:24:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/05 11:24:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/05 11:24:18 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/05 09:32:31 | 00,304,742 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/05 09:30:43 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/05 09:30:43 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/05 09:30:43 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/05 02:22:27 | 00,004,368 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\1 Up.mp3
[2009/04/05 02:10:38 | 03,233,430 | -H-- | M] () -- C:\Documents and Settings\Helen\Local Settings\Application Data\IconCache.db
[2009/04/04 14:26:05 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\CCleaner.lnk
[2009/04/04 14:23:15 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen\Desktop\OTListIt2.exe
[2009/04/04 14:23:04 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Rooter.exe
[2009/04/04 12:52:13 | 00,448,052 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Jason Mraz - Lucky.mp3
[2009/03/30 21:21:24 | 00,304,354 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090405-093231.backup
[2009/03/30 13:05:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 13:04:01 | 02,906,232 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen\Desktop\mbam-setup.exe
[2009/03/27 23:13:41 | 00,102,648 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\New.mp3
[2009/03/27 23:11:25 | 34,514,253 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/27 23:11:25 | 00,070,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/26 17:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 17:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/24 01:01:44 | 00,303,552 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090330-202124.backup
[2009/03/24 00:06:29 | 06,320,244 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\DAY26 - Stadium Music.mp3
[2009/03/23 23:56:45 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\fdsa.rtf
[2009/03/23 23:55:24 | 03,530,969 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Se7en - Them Girls (Feat. Lil Kim).mp3
[2009/03/23 22:50:52 | 02,189,280 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Metro Station - Seventeen Forever.mp3
[2009/03/23 22:49:48 | 05,595,890 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\The Dream - My Love (Feat. Mariah Carey).mp3
[2009/03/23 22:45:58 | 02,606,613 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Stereo Skyline - Heartbeat.mp3
[2009/03/23 22:45:12 | 07,610,783 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Utada Hikaru - Come Back to Me.mp3
[2009/03/22 23:17:06 | 00,001,126 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\fafsaa.rtf
[2009/03/20 00:16:21 | 00,000,206 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\college.rtf
[2009/03/15 23:46:57 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\college id.rtf
[2009/03/11 02:14:24 | 02,260,263 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Escape the Fate - Situations.MP3
[2009/03/11 01:58:01 | 02,412,610 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\The White Tie Affair - Take It Home.MP3
[2009/03/11 01:53:37 | 02,766,516 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Framing Hanley - Alone in This Bed Capeside.MP3
[2009/03/11 01:50:46 | 02,474,676 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\PANIC! at the Disco - But It's Better If You Do.MP3
[2009/03/11 01:46:33 | 02,234,873 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\All Time Low - Poppin' Video Mix.MP3
[2009/03/11 01:43:42 | 02,177,820 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\All Time Low - Coffee Shop Soundtrack.mp3
[2009/03/11 01:41:10 | 03,553,325 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Owl City - The Saltwater Room.mp3
[2009/03/11 01:36:05 | 02,647,085 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\New Found Glory - My Friends Over You.mp3
[2009/03/11 01:33:39 | 01,700,407 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\New Found Glory - Dig My Own Grave.mp3
[2009/03/11 00:16:45 | 08,898,551 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Fall Out Boy - America's Suitehearts.mp3
[2009/03/11 00:16:00 | 02,840,955 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Owl City - Hello Seattle.mp3
[2009/03/11 00:13:29 | 02,786,730 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\The Maine - The Way We Talk.mp3
[2009/03/11 00:12:19 | 04,480,082 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\Jesse McCartney - How Do You Sleep (Feat. Ludacris).mp3
[2009/03/10 22:47:56 | 00,303,072 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090324-000144.backup
[2009/03/10 21:53:05 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\Helen\My Documents\Songs.rtf
[2009/03/08 22:25:31 | 00,152,832 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\kdk_0644.jpg
[2009/03/08 22:25:19 | 00,229,912 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\kdk_0643.jpg
[2009/03/08 22:25:05 | 00,226,299 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\kdk_0571.jpg
[2009/03/08 22:24:53 | 00,193,458 | ---- | M] () -- C:\Documents and Settings\Helen\Desktop\kdk_0565.jpg
< End of report >
OTListIt Extras logfile created on: 4/5/2009 11:25:15 AM - Run 1
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE4EBAAB-E02A-455E-A814-3B5881885030}_is1" = Mobile Ringtone Converter 2.3.45
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.0
"CCleaner" = CCleaner (remove only)
"COMODO Firewall Pro" = COMODO Firewall Pro
"COMODO SafeSurf" = COMODO SafeSurf
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 4.18.8
"MAGIX Ringtone Maker 2 silver US" = MAGIX Ringtone Maker 2 silver (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/31/2009 11:51:50 AM | Computer Name = HELEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 3/31/2009 11:51:50 AM | Computer Name = HELEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 3/31/2009 11:51:55 AM | Computer Name = HELEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 3/31/2009 11:51:55 AM | Computer Name = HELEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
[ System Events ]
Error - 4/5/2009 1:26:15 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The Avgt_as service failed to start due to the following error: %%3
Error - 4/5/2009 1:26:15 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/5/2009 1:38:01 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The Avgt_as service failed to start due to the following error: %%3
Error - 4/5/2009 1:38:01 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/5/2009 1:48:00 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The Avgt_as service failed to start due to the following error: %%3
Error - 4/5/2009 1:48:00 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/5/2009 1:59:32 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The Avgt_as service failed to start due to the following error: %%3
Error - 4/5/2009 1:59:32 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/5/2009 2:24:43 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The Avgt_as service failed to start due to the following error: %%3
Error - 4/5/2009 2:24:43 PM | Computer Name = HELEN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
< End of report >
Here's my Rooter log:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:157057 Mo/Free:1006 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
Sun 04/05/2009| 9:45
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\COMODO\SafeSurf\cssurf.exe
--Locked-- cmdagent.exe
--Locked-- cfp.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\AIM6\aim6.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\AIM6\aolsoftware.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\control.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/05/2009| 9:46