Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Slowdown - Internet Slowdown too


  • Please log in to reply

#1
ttbcs

ttbcs

    Member

  • Member
  • PipPip
  • 71 posts
Not sure if there is a Malware problem or not. I am hoping for trained eye to help.

Malwarebytes' Anti-Malware 1.40
Database version: 2711
Windows 5.1.2600 Service Pack 3

8/28/2009 5:46:53 PM
mbam-log-2009-08-28 (17-46-53).txt

Scan type: Quick Scan
Objects scanned: 141193
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevancetext.linker (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevancetext.linker.1 (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 14:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4D77000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP9156
Image Path: \Driver\PCI_PNP9156
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB36F4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spun.sys
Image Path: spun.sys
Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010f4a

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de76b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010454

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010aee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de7574

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50121d6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50124ae

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb500fcf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011130

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de7a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de714c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spun.sys" at address 0xb9ec5ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spun.sys" at address 0xb9ec6032

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011e58

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50106d8

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010d32

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de764e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de708c

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010968

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de70f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spun.sys" at address 0xb9ec610a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de776e

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb501188c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010250

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de772e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011bf4

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5012006

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de78ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010672

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb501085c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb4ea40b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb500feca

==EOF==
OTL logfile created on: 8/29/2009 2:30:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Big Momma\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4880 4880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 151.08 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQSQS91
Current User Name: Big Momma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/27 18:47:26 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2001/11/23 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/05 20:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe
PRC - [1999/12/13 05:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2006/09/07 14:24:34 | 00,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
PRC - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/09/07 14:23:18 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/27 18:48:52 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2007/03/09 20:21:11 | 01,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2009/08/07 18:47:37 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2009/08/28 16:22:13 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Momma\My Documents\Downloads\OTL.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/05/05 20:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2001/11/23 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/27 18:47:26 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2006/04/12 09:55:05 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [On_Demand | Stopped])
SRV - [1999/12/13 05:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/03/24 05:41:13 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2005/05/03 22:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Disabled | Stopped])
SRV - [2005/05/03 20:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/09/17 09:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/05/03 19:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [Disabled | Stopped])
SRV - [2006/09/07 14:24:34 | 00,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co...l={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.att.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/30 17:32:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/22 19:32:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/25 11:01:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 12:05:59 | 00,000,000 | ---D | M]

[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions
[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 14:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions
[2009/07/01 19:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 09:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/06/10 15:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/22 18:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/01/24 11:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/08/26 18:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/22 18:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2008/08/25 19:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\[email protected]
[2007/10/23 17:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\[email protected]
[2008/05/28 10:51:35 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\isohuntBT.xml
[2006/05/13 17:07:22 | 00,000,228 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00##astalavista.png
[2009/08/26 21:09:10 | 00,001,100 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00%23%23astalavista.xml
[2006/05/06 08:50:02 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01##IMDB.png
[2008/06/27 15:59:14 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01%23%23IMDB.xml
[2006/05/13 17:13:20 | 00,000,465 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R02##vkol.png
[2006/05/06 08:50:05 | 00,000,232 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03##wikipedia.png
[2008/06/27 15:59:15 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03%23%23wikipedia.xml
[2008/06/27 15:59:15 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\webster.xml
[2009/08/29 14:29:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/27 21:08:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/08 12:05:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/15 15:25:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/22 19:33:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/16 21:43:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/08 12:05:51 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/08 12:05:51 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2004/11/12 20:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/05/13 09:45:30 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2006/10/30 15:44:02 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/08/08 12:05:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 12:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/06/29 14:30:43 | 00,147,456 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2009/07/01 19:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/04/27 13:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/09/10 12:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/15 12:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/22 18:39:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/22 18:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/22 18:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/22 18:39:40 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/22 18:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/22 18:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/22 18:39:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10453 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sgmain.exe.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: netdimensions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Delicious%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.2.100.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.uni...tyWebPlayer.cab (UnityWebPlayer Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1147151022421 (MUWebControl Class)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} https://ccentmail1m..../TWDownload.cab (TWDownloader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Delicious%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1 209.210.150.8 67.136.243.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell - "" = AutoRun
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun\command - "" = J:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/29 11:31:20 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\sg_backup_2009-08-29-1131.spg
[2009/08/28 17:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Application Data\Malwarebytes
[2009/08/28 17:31:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 17:31:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/28 17:31:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/28 17:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/28 17:15:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 17:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 16:57:04 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/26 18:45:56 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/29 14:12:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/29 14:11:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/29 14:09:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 14:09:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 11:31:20 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\sg_backup_2009-08-29-1131.spg
[2009/08/28 17:31:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 17:15:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 17:15:00 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/08/27 18:52:21 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/27 18:52:15 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/27 18:52:10 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/27 18:52:09 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/27 16:57:04 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/27 16:38:36 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/27 16:38:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/27 16:38:36 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/08/27 16:35:40 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/26 18:45:56 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/26 14:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== LOP Check ==========

[2009/08/28 17:31:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/14 07:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/19 06:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/21 14:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
[2007/01/23 23:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/04/28 20:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/10/21 14:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/01/09 07:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/10/30 17:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2007/09/26 18:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/22 20:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2006/04/24 15:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/03/21 09:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/06/29 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/01/23 23:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/22 18:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/27 16:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 10:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Traverse PC
[2006/06/03 20:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/22 19:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/29 10:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/12/03 21:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/06/06 10:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/28 17:31:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Big Momma\Application Data
[2007/03/05 10:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\acccore
[2007/04/23 20:45:25 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Big Momma\Application Data\Brother
[2006/04/12 10:07:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Corel
[2006/04/19 17:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Corel Photo Album
[2009/04/28 20:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DAEMON Tools
[2009/04/28 20:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DAEMON Tools Lite
[2006/06/18 22:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DeskSoft
[2006/11/10 10:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\dvdcss
[2007/02/19 14:28:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\GetRightToGo
[2006/11/02 19:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Incline Software
[2006/06/28 17:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Leadertech
[2006/04/22 19:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\pe explorer
[2009/01/01 15:25:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Big Momma\Application Data\SecuROM
[2009/01/01 15:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\SPORE
[2007/03/27 16:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\System Requirements Lab
[2006/04/20 02:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\TrojanHunter
[2006/06/03 20:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\TuneUp Software
[2008/09/06 15:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\uTorrent
[2007/09/29 17:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\YanCEyDesktop
[2009/08/28 17:15:00 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/08/26 14:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/29 14:12:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/29 14:09:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EFA64C2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A71BB9C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA09728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618849E3
< End of report >
OTL Extras logfile created on: 8/29/2009 2:30:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Big Momma\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4880 4880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 151.08 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQSQS91
Current User Name: Big Momma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}" = Microsoft Flight Simulator X Photo Scenery Display Update
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help
"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62C71C1B-E0FB-11D4-9DB7-00B0D02AE94A}" = Personal Ancestral File 5 Lessons
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6D1A0AB3-832B-4966-8A24-5A9A65CF9FFC}" = Ancestral Quest 11
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE25F37-E4EC-44BD-8382-65BB3312BAE0}" = TPC Desktop 2008
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.2
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F650704B-D32D-493F-B0C1-CB064782D19E}" = Dell Power Applet Update
"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb
"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AT&T Connection Services Software" = AT&T Worldnet Service
"avast!" = avast! Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"filehippo.com" = filehippo.com Update Checker
"GameSpy Arcade" = GameSpy Arcade
"Golive2 Sphere 1.0.3" = Golive2 Sphere 1.0.3
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGN Download Manager" = IGN Download Manager 2.3.2
"InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Picasa 3" = Picasa 3
"PopCap Browser Plugin" = PopCap Browser Plugin
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RealArcade 1.2" = RealArcade
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"SprintMusicManagerA" = Sprint music manager
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Study Helpers Spelling Bee" = Study Helpers Spelling Bee
"SysInfo" = Creative System Information
"System Requirements Lab" = System Requirements Lab
"TCPMP" = TCPMP
"Traverse PC PDF" = Traverse PC PDF
"Trophy Hunter 2003_is1" = Trophy Hunter 2003 - Rocky Mountain Adventures
"UnityWebPlayer" = Unity Web Player
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"VLC media player" = VLC media player 0.9.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer_Scripts" = Writer's Scripts
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"YanCEyDesktop" = YanCEyDesktop
"YanCEyWare Reader 2.51" = YanCEyWare Reader 2.51
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6D1A0AB3-832B-4966-8A24-5A9A65CF9FFC}" = Ancestral Quest 11

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/16/2009 11:22:51 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\BIGMOM~1\LOCALS~1\TEMP\~DF334.TMP failed, 00000005.

Error - 8/27/2009 8:23:44 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET
EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{AFB08064-92A6-11DE-AF4B-001372C25CAC}.DAT
failed, 00000005.

Error - 8/27/2009 8:23:45 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET
EXPLORER\RECOVERY\ACTIVE\{AFB08065-92A6-11DE-AF4B-001372C25CAC}.DAT failed, 00000005.


Error - 8/29/2009 1:06:39 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}\DEFAULTS\PREFERENCES\ADBLOCKPLUS.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\[email protected]\DEFAULTS\PREFERENCES\ADDICTIVETYPINGLESSONSPREFERENCES.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{77B819FA-95AD-4F2C-AC7C-486B356188A9}\DEFAULTS\PREFERENCES\IETAB.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\[email protected]\DEFAULTS\PREFERENCES\NUMPADPREFERENCES.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\DEFAULTS\PREFERENCES\PREFS.JS
failed, 00000005.

Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{95F24680-9E31-11DA-A746-0800200C9A66}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

[ Application Events ]
Error - 7/23/2009 3:06:31 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 7/23/2009 4:42:30 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 4:43:14 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 4:43:44 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 4:43:46 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2009 2:32:53 AM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2009 1:26:21 AM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 8/7/2009 8:20:33 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 8/13/2009 3:00:44 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 8/29/2009 2:10:04 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7031
Description = The Media Center Receiver Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Media Center Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The SigmaTel Audio Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058


< End of report >
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ttbcs

Welcome to G2Go. :)
=====================
What exactly are your symptoms right now with the system?
  • 0

#3
ttbcs

ttbcs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Everything has seemed a bit slow. I'm not sure if it is just normal or if I have a problem. I worry about malware and I was hoping someone could go through the post and see if anything looked awry.
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes the only thing I see wrong is this:

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

you have an internet security suite and an active antivirus program as well.

Please uninstall the Comodo security suite.
If you are using it as a firewall then you can download just a firewall from:
Here is a free one to use.

Online Armor Free.

This link will explain how to use firewalls to better understand them, Firewall tutorial
==============
Do that reboot then it should be a bit faster.
  • 0

#5
ttbcs

ttbcs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I installed avast! as an anti-virus tool and comodo just for firewall. Apparently I did something wrong.
Do you recommend Online Armor over Comodo? I installed as per the advise of this post.
http://www.geekstogo...ftware-t38.html

If comodo is acceptable, do I need to modify it's protection in some way to act only as a personal firewall.

thank-you for your advise
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes Comodo also comes with an internet security suite.
But that includes a firewall you will have to uncheck the security suite option when you install Comodo.

Any firewall will do but at this point you have an Antivrus and an Internet Security Suite running at the same time.
This will cause some problems that you are having.
  • 0

#7
ttbcs

ttbcs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I have uninstalled Comodo and installed Online Armor Free - should I repost scan information to verify?
I didn't have time last night to see if things were faster, I'll let you know.
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Sure
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#9
ttbcs

ttbcs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
OTL logfile created on: 9/16/2009 4:39:18 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Big Momma\My Documents\Downloads\Geekstogo
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 156.80 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQSQS91
Current User Name: Big Momma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Documents and Settings\Big Momma\My Documents\Downloads\Geekstogo\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (brmfrmps [Auto | Running]) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service [Auto | Running]) -- C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Labs Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [Disabled | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SQLAgent$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe (SigmaTel, Inc.)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (BrPar [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerIf [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (CTUSFSYN [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfng32 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (sigfilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WinDriver6 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\windrvr6.sys (Jungo)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co...l={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.att.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.3
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/30 17:32:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/02 20:53:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 13:48:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 13:48:02 | 00,000,000 | ---D | M]

[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions
[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/16 16:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions
[2009/07/01 19:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 09:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/06/10 15:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/22 18:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/08/31 17:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/08/26 18:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/22 18:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2009/08/31 17:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2008/08/25 19:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\[email protected]
[2007/10/23 17:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\[email protected]
[2008/05/28 10:51:35 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\isohuntBT.xml
[2006/05/13 17:07:22 | 00,000,228 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00##astalavista.png
[2009/09/13 11:49:00 | 00,001,100 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00%23%23astalavista.xml
[2006/05/06 08:50:02 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01##IMDB.png
[2008/06/27 15:59:14 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01%23%23IMDB.xml
[2006/05/13 17:13:20 | 00,000,465 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R02##vkol.png
[2006/05/06 08:50:05 | 00,000,232 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03##wikipedia.png
[2008/06/27 15:59:15 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03%23%23wikipedia.xml
[2008/06/27 15:59:15 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\webster.xml
[2009/09/16 16:24:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/27 21:08:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 13:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/15 15:25:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/22 19:33:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/02 20:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/11 13:47:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 13:47:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2004/11/12 20:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/09/02 20:53:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/31 18:20:16 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2008/05/13 09:45:30 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2006/10/30 15:44:02 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/11 13:47:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/09/10 12:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/06/29 14:30:43 | 00,147,456 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/31 18:19:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2005/04/27 13:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/09/10 12:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/15 12:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/22 18:39:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/22 18:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/22 18:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/22 18:39:40 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/22 18:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/22 18:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/22 18:39:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10453 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sgmain.exe.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: netdimensions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Delicious%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.2.100.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.uni...tyWebPlayer.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1147151022421 (MUWebControl Class)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} https://ccentmail1m..../TWDownload.cab (TWDownloader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Delicious%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.136.243.254 209.210.150.8
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell - "" = AutoRun
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun\command - "" = J:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/14 20:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Application Data\OnlineArmor
[2009/09/14 20:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/09/14 20:22:12 | 00,200,784 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/09/14 20:22:12 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/09/14 20:22:12 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/09/14 20:22:11 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/09/14 20:09:44 | 00,006,020 | ---- | C] () -- C:\Documents and Settings\Big Momma\My Documents\cc_20090914_200938.reg
[2009/09/08 19:32:21 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/02 21:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/09/02 21:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/09/02 21:00:27 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/09/02 21:00:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/09/02 20:54:02 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/02 20:54:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/02 20:54:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/02 20:54:02 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/02 20:53:43 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/31 18:24:31 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/08/31 18:21:03 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/31 18:20:31 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/08/31 18:20:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Application Data\Foxit
[2009/08/31 18:18:53 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/08/31 17:36:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Local Settings\Application Data\AOL
[2009/08/29 17:26:40 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/28 17:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Application Data\Malwarebytes
[2009/08/28 17:31:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/28 17:31:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/28 17:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/28 17:15:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 17:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/26 18:45:56 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/07/03 18:03:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netMedic.INI
[2009/07/03 17:59:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\vshook.dll
[2009/04/22 22:12:51 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/22 22:12:48 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/04/22 22:12:47 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/22 22:12:47 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/22 22:12:46 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/22 22:12:45 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/22 22:12:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/08 17:30:39 | 00,000,031 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/01 15:39:59 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/09 16:44:54 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/04/09 16:44:54 | 00,000,024 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2007/01/23 23:40:54 | 00,001,180 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/01/23 23:40:54 | 00,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/01/23 23:38:44 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/23 23:02:40 | 00,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/01/23 23:02:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/01/23 23:02:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2007/01/23 23:02:35 | 00,000,491 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/01/23 23:02:34 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/23 23:01:36 | 00,000,312 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/01/23 23:01:36 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/01/23 23:01:36 | 00,000,105 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2007/01/23 23:01:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/23 23:00:55 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/01/23 23:00:55 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2007/01/23 23:00:54 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/01/23 23:00:54 | 00,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2007/01/23 23:00:54 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/12/21 19:57:22 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/28 18:02:19 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/30 17:14:33 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/10/22 12:22:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/10 21:40:30 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2006/10/10 21:40:20 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2006/08/24 09:52:26 | 00,000,285 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/06/19 21:58:56 | 00,000,373 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/06/19 21:58:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/05/13 08:34:28 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/05/01 07:19:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 20:28:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/04/19 17:16:02 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/19 17:16:02 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5CAC6F9899.sys
[2006/04/18 18:41:19 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/12 10:15:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/12 10:09:52 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/12 10:00:15 | 00,000,487 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/12 09:55:33 | 00,005,872 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/04/12 09:52:06 | 00,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2006/04/12 09:52:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/04/12 09:29:44 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 02:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:18:43 | 00,000,802 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 02:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 12:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 11:54:00 | 01,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2004/02/25 23:18:04 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 13:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/03/04 11:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1997/11/10 15:18:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Files - Modified Within 30 Days ==========

[2009/09/16 16:39:19 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/16 16:37:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/16 16:36:47 | 00,246,277 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/09/16 16:36:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/16 16:36:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/14 20:22:40 | 00,083,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/09/14 20:22:26 | 00,456,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/14 20:22:26 | 00,078,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/14 20:09:47 | 00,006,020 | ---- | M] () -- C:\Documents and Settings\Big Momma\My Documents\cc_20090914_200938.reg
[2009/09/13 11:57:59 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/09/11 17:15:00 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/09/02 21:23:26 | 00,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/02 21:18:17 | 00,095,984 | ---- | M] () -- C:\Documents and Settings\Big Momma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/02 20:53:47 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/02 20:53:47 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/02 20:53:47 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/02 20:53:46 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/02 20:53:46 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/02 20:50:40 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\Update Checker.lnk
[2009/09/01 12:20:16 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/31 17:50:58 | 00,000,915 | ---- | M] () -- C:\Documents and Settings\Big Momma\My Documents\My Sharing Folders.lnk
[2009/08/30 20:54:43 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/08/30 20:54:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/29 17:26:40 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/28 17:15:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 14:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/27 16:35:40 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EFA64C2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A71BB9C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA09728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618849E3
< End of report >
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good uninstall Ask then reboot and delete this folder:
C:\Program Files\AskBarDis

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP