[heated]

Hi, this is the fourth time that I've tried to post this, but I keep having problems.
*First powered on comp., a few pop-ups opened through IE8; I use Firefox, normally, so if there's anything that has to do w/ IE, I'll need help;
* When I 1st thought that there might be a problem, I checked the status of the Firewall; it was turned off
* CPU usage is abnormally high 85%-100% on average.
* AVG 8.5 will not scan @ all. ; neither will other programs I have tried, like Malwarebytes, Spybot, etc.
* Trouble installing new programs; If program installs, then it will usually freeze computer or close out of program almost as soon as it begins.
* AVG Resident Shild notified me of Generic14.BAFX Trojan yesterday, more than once.
There are quite a few processes which are running, under T.M., that look fishy. I don't want to close them w/o knowing what each one does, so if anyone is familiar with which seem off, please let me know.

I'm not sure if this is significant or part of the programs, but I've noticed "Outlook" items (which I don't ever use) unins000.msg & unins000.dat in Spybot and Malwarebytes folders. Microsoft Outlook also appeared in my Start menu as a recently used app. and I remembered seeing another Outlook file somewhere else, which seemed odd.

Please advise me of what to do... Everytime I've tried to install and run one of the programs from the "Mal & Spy Clean Guide," I've had issues. I've been pulling out my hair the last 3 days. Thank you in advance for your time, patience, & advice... Now, someone please help me!! lol

---------------------------------------------------------

This is the only log I was able to run, so far with Win32kDiag:

Starting up...
Running from: C:\Program Files\Antivirus\Win32kDiag.exe
Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P812.tmp\ZAP812.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P8FF.tmp\ZAP8FF.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P92A.tmp\ZAP92A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
P966.tmp\ZAP966.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZA
PC9.tmp\ZAPC9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F2
31838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\50512592984F
2284DAAF236CED4E1F41\8.0.6\8.0.6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\52CB9D6ECBD0
8634E8A4D7EE0866C19D\8.0.148\8.0.148
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\AC1F0757D610
CA645B68DC4746E5BF25\8.0.211\8.0.211
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3
D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\FC62732BFB86
6A144ABE271FF278EF50\8.0.63\8.0.63
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary
ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary
ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporar
y ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoi
nt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKU
s
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Do
wnloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f0c4
3c883b45dd5bc3e231479dfed214\f0c43c883b45dd5bc3e231479dfed214
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 00:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (
Microsoft Corporation)
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Mic
rosoft Corporation)
[1] 2008-04-13 17:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corpor
ation)

Cannot access: C:\WINDOWS\system32\hkcmd.exe
[1] 2002-10-16 07:05:58 114688 C:\WINDOWS\system32\hkcmd.exe ()
[1] 2002-10-16 07:05:58 114688 C:\WINDOWS\system32\ReinstallBackups\0003\DriverF
iles\hkcmd.exe (Intel Corporation)

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18
e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.507
27.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^

Finished! Press any key to exit...
------------------------------------------

The Screen was taken when the computer seemed "calm." When I opened up on tab on IE, there were about 4 diff. iexplore.exe apps, using far more mem.

Attached Thumbnails

• 

Edited by heated, 21 September 2009 - 11:28 AM.

[Advertisements]

Hello heated !

Welcome to the site! My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Let's get going then.

Step 1.
exeHelper:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2.
ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt .

Step 3.
Win32kDiag:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"C:\Program Files\Antivirus\Win32kDiag.exe" -f -r

Step 4.
Things I would like to see in your reply:

• The content of log.txt from step 1.
• The content of C:\ComboFix.txt from step 2.
• The content of Win32kDiag.txt from step 3.

[heir]

Hello heated !

Welcome to the site! My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Let's get going then.

Step 1.
exeHelper:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2.
ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt .

Step 3.
Win32kDiag:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"C:\Program Files\Antivirus\Win32kDiag.exe" -f -r

Step 4.
Things I would like to see in your reply:

• The content of log.txt from step 1.
• The content of C:\ComboFix.txt from step 2.
• The content of Win32kDiag.txt from step 3.

[heated]

[quote name='heir' date='Sep 21 2009, 11:47 AM' post='1646003']
Hello heated !

Welcome to the site! :wave: My nickname is heir and I'll be helping clean up your computer. :)

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Thank You for helping, Heir, but when I tried to d/l Exehelper, an alert pops up and says exeHelper.com is not a valid Win32 application. Then, the "Web Shield" says that the accessed file is infected; which won't let me run exehelper
Then this pops up: Can I over-ride that and run the program?

Attached Thumbnails

• 

Edited by heated, 21 September 2009 - 01:03 PM.

[heir]

Can I over-ride that and run the program?

Yes do that.

[heated]

I'm sorry... I can't figure out how to over-ride it. It's not giving me an option to run exehelper...

"exeHelper.com is not a valid Win32 application"


Is there any way around it? The notification only lets me click ok, which doesn't do anything.

Attached Thumbnails

• 

Edited by heated, 21 September 2009 - 02:12 PM.

[heir]

Let's do it a bit different then.
Ignore all previous steps and do this.

Step 1.
Copy file:

To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\
del cp.bat and exit

Save it to your desktop as File name: cp.bat
Save as type: All Files


Once done, double click cp.bat to run it. A command window will open briefly, then close. This is quite normal.

Step 2.
Replace systemfile:

1. Please download The Avenger by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to move:
C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

Step 3.
win32kDiag:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"C:\Program Files\Antivirus\Win32kDiag.exe" -f -r

Step 4.
Things I would like to see in your reply:

• The content of C:\avenger.txt from step 2.
• The content of Win32kDiag.txt from step 3.

Edited by heir, 21 September 2009 - 04:42 PM.
other approach

[heated]

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


-------------------

Running from: C:\Program Files\Antivirus\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

(The Win32kDiag Log showed more when the log finished, but I accidentally hit "Ctrl" (right before I saw "hit any button to exit" or something) and that ^ is all that was left... Can I pull up the results from before? I'm sorry if this causes any more problems... Thanks again for all the assistance.

Edited by heated, 21 September 2009 - 08:50 PM.

[heir]

Can I pull up the results from before?

No

Let's move on.

Delete Combo-Fix.exe from your desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt .

[heated]

I installed and began to run ComboFix, as you said. However, on the second and third pop-ups, I got these two messages.
I tried to close AVG, but it still runs in the background. The help menu also says that by closing it, you are only closing the interface, while the program continues to run in the background.
Is there a way to completely shut down AVG, so that I can run ComboFix w/ minimal potential for damage?

Attached Thumbnails

• 

[heir]

Here is a link to how to disable security programs.

Did you disable it that way?

[heated]

I don't know exactly what I did, but it finally shut off. Thank you for the link. *note* some people in that thread also seemed to have the same issue w/ AVG that I did. Here's the log:

***********************************

ComboFix 09-09-22.02 - Owner 09/22/2009 15:53.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.64 [GMT -7:00]
Running from: c:\program files\Antivirus\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3122394580-1076373261-3069008033-1003
c:\windows\system32\a.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\nsl1DD.dll
c:\windows\system32\ps2.bat
D:\Autorun.inf
H:\360&720waves.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-21 05:18 . 2009-09-21 05:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-21 01:51 . 2009-09-21 01:52 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-09-21 01:51 . 2009-09-21 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-09-18 23:18 . 2009-09-22 00:36 0 ----a-w- c:\windows\win32k.sys
2009-09-18 22:42 . 2009-09-19 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 22:39 . 2009-09-18 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 06:41 . 2009-09-16 06:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-09-09 20:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 14:16 . 2009-09-03 14:16 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-09-01 23:34 . 2007-04-09 16:56 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-09-01 23:34 . 2007-04-09 16:55 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-09-01 23:34 . 2007-04-09 16:53 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-09-01 23:33 . 2009-09-01 23:33 -------- d-----w- c:\program files\LG Electronics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 22:42 . 2008-03-06 21:11 -------- d-----w- c:\program files\Antivirus
2009-09-22 19:23 . 2009-02-03 04:02 0 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-09-21 04:26 . 2008-06-01 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 18:54 . 2007-03-05 09:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-15 06:51 . 2008-03-29 06:14 -------- d-----w- c:\documents and settings\Owner\Application Data\tor
2009-09-15 06:51 . 2008-03-29 06:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Vidalia
2009-09-10 22:49 . 2006-05-20 13:09 47304 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 04:45 . 2009-09-07 04:45 46 ----a-w- c:\documents and settings\Owner\Application Data\MTC-savedfolder.dat
2009-09-01 23:33 . 2003-01-24 14:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 21:29 . 2009-08-16 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-08-15 00:36 . 2006-05-20 15:34 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-11 20:22 . 2007-05-20 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-08-05 09:01 . 2003-02-07 12:24 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 17:12 . 2008-06-01 02:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-28 17:12 . 2008-03-10 05:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-28 17:12 . 2008-06-01 02:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-19 02:50 . 2009-04-20 16:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-07-19 02:50 . 2009-04-20 16:46 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-07-19 02:49 . 2009-04-20 16:46 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-17 19:01 . 2003-02-07 12:47 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 08:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-24 21:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-02-07 12:49 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-02-07 12:25 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-02-07 12:24 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-02-07 12:24 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-02-07 12:24 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-01-26 07:16 . 2008-01-26 07:17 5708354 -c--a-w- c:\program files\Last.fm-1.4.2.59470.exe
2006-05-29 18:46 . 2006-05-29 18:46 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-04-22 03:10 . 2006-05-20 15:58 6642957 -c--a-w- c:\program files\ultra_qtconverter.exe
2003-09-30 02:23 . 2006-05-20 06:04 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-12 798789]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
"WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" [2002-11-27 131072]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\ANTIVI~1\AVG8\avgtray.exe" [2009-09-18 2022680]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-28 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]
backup=c:\windows\pss\MemoKit.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"h:\\Limewire\\LimeWire.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\Orb.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\OrbTray.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\OrbStreamerClient.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\xmltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/31/2008 7:04 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/31/2008 7:04 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/31/2008 7:04 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\ANTIVI~1\AVG8\avgemc.exe [6/16/2009 10:41 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\ANTIVI~1\AVG8\avgwdsvc.exe [4/25/2009 7:01 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\ANTIVI~1\AVG8\avgfws8.exe [4/25/2009 7:02 PM 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/31/2008 6:59 PM 29208]
S2 mrtRate;mrtRate; [x]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/31/2008 6:59 PM 29208]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/21/2009 11:18 PM 33752]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/30/2008 5:45 PM 33808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-05 00:22]
c:\windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/home.html
uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/
mSearch Bar = hxxp://srch-qus7.hpwis.com/
uSearchURL,(Default) = hxxp://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va5wxqlw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - component: c:\program files\Antivirus\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\Antivirus\Spybot - Search & Destroy\TeaTimer.exe
SafeBoot-svcWRSSSDK
AddRemove-ASIO4ALL - g:\asio4all v2\uninstall.exe
AddRemove-Flash to Video Encoder_is1 - g:\new folder\Flash to Video EncoderGeoVid\Flash to Video Encoder\unins000.exe
AddRemove-WinRAR archiver - g:\winrar\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 16:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4172007503-962097887-3732946033-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-4172007503-962097887-3732946033-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:9b,02,a6,a7,ad,b8,a1,6f,4e,11,c9,35,1c,75,21,75,b0,bf,eb,a4,
66,94,a8,11,b2,bc,38,d1,89,81,23,b8,41,05,37,c0,1b,74,f5,75,a5,0b,c1,13,6f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\ANTIVI~1\AVG8\avgam.exe
c:\program files\Antivirus\AVG8\avgrsx.exe
c:\progra~1\ANTIVI~1\AVG8\avgnsx.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Antivirus\AVG8\avgcsrvx.exe
c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-22 16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 23:21

Pre-Run: 9,130,573,824 bytes free
Post-Run: 9,056,010,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
272 --- E O F --- 2009-09-10 03:32

[heir]

Let's continue.

Step 1.
CFSCript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"h:\\Limewire\\LimeWire.exe"=-
RegNull::
[HKEY_USERS\S-1-5-21-4172007503-962097887-3732946033-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-4172007503-962097887-3732946033-1003\Software\YourCompanyName\YourProductName\Version*]

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2.
OTL-scan:

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Standard Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Things I would like to see in your reply:

• The content of C:\ComboFix.txt from step 1.
• The content of OTL.txt and Extras.txt from step 2.
• The content of C:\lopR.txt from step 3.
• Information on how your computer is running now

[heated]

I'm about to begin working on Steps 3 & 4 right now... Here are the logs from Steps 1 & 2.

ComboFix 09-09-22.02 - Owner 09/23/2009 12:16.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.202 [GMT -7:00]
Running from: c:\program files\Antivirus\Combo-Fix.exe
Command switches used :: c:\program files\Antivirus\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-21 05:18 . 2009-09-21 05:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-21 01:51 . 2009-09-21 01:52 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-09-21 01:51 . 2009-09-21 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-09-18 23:18 . 2009-09-22 00:36 0 ----a-w- c:\windows\win32k.sys
2009-09-18 22:42 . 2009-09-19 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 22:39 . 2009-09-18 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 06:41 . 2009-09-16 06:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-09-09 20:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 14:16 . 2009-09-03 14:16 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-09-01 23:34 . 2007-04-09 16:56 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-09-01 23:34 . 2007-04-09 16:55 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-09-01 23:34 . 2007-04-09 16:53 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-09-01 23:33 . 2009-09-01 23:33 -------- d-----w- c:\program files\LG Electronics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 19:16 . 2008-03-06 21:11 -------- d-----w- c:\program files\Antivirus
2009-09-22 19:23 . 2009-02-03 04:02 0 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-09-21 04:26 . 2008-06-01 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-18 18:54 . 2007-03-05 09:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-15 06:51 . 2008-03-29 06:14 -------- d-----w- c:\documents and settings\Owner\Application Data\tor
2009-09-15 06:51 . 2008-03-29 06:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Vidalia
2009-09-10 22:49 . 2006-05-20 13:09 47304 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 04:45 . 2009-09-07 04:45 46 ----a-w- c:\documents and settings\Owner\Application Data\MTC-savedfolder.dat
2009-09-01 23:33 . 2003-01-24 14:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 21:29 . 2009-08-16 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-08-15 00:36 . 2006-05-20 15:34 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-11 20:22 . 2007-05-20 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-08-05 09:01 . 2003-02-07 12:24 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 17:12 . 2008-06-01 02:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-28 17:12 . 2008-03-10 05:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-28 17:12 . 2008-06-01 02:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-19 02:50 . 2009-04-20 16:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-07-19 02:50 . 2009-04-20 16:46 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-07-19 02:49 . 2009-04-20 16:46 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-17 19:01 . 2003-02-07 12:47 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 08:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-24 21:26 915456 ------w- c:\windows\system32\wininet.dll
2008-01-26 07:16 . 2008-01-26 07:17 5708354 -c--a-w- c:\program files\Last.fm-1.4.2.59470.exe
2006-05-29 18:46 . 2006-05-29 18:46 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-04-22 03:10 . 2006-05-20 15:58 6642957 -c--a-w- c:\program files\ultra_qtconverter.exe
2003-09-30 02:23 . 2006-05-20 06:04 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\Antivirus\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-12 798789]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
"WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" [2002-11-27 131072]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\ANTIVI~1\AVG8\avgtray.exe" [2009-09-18 2022680]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
PowerReg Scheduler.exe [2006-5-28 246784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-28 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MemoKit.lnk]
backup=c:\windows\pss\MemoKit.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Antivirus\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\Orb.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\OrbTray.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\OrbStreamerClient.exe"=
"h:\\Stream 2 Phone\\Orb\\bin\\xmltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/31/2008 7:04 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/31/2008 7:04 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/31/2008 7:04 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\ANTIVI~1\AVG8\avgemc.exe [6/16/2009 10:41 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\ANTIVI~1\AVG8\avgwdsvc.exe [4/25/2009 7:01 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\ANTIVI~1\AVG8\avgfws8.exe [4/25/2009 7:02 PM 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/31/2008 6:59 PM 29208]
S2 mrtRate;mrtRate; [x]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/31/2008 6:59 PM 29208]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/21/2009 11:18 PM 33752]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/30/2008 5:45 PM 33808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2008-08-05 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/home.html
uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/
mSearch Bar = hxxp://srch-qus7.hpwis.com/
uSearchURL,(Default) = hxxp://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\va5wxqlw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - component: c:\program files\Antivirus\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 12:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"


[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4172007503-962097887-3732946033-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-23 12:36
ComboFix-quarantined-files.txt 2009-09-23 19:35
ComboFix2.txt 2009-09-22 23:22

Pre-Run: 9,051,136,000 bytes free
Post-Run: 9,024,057,344 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
222 --- E O F --- 2009-09-10 03:32

[heated]

OTL logfile created on: 9/23/2009 1:03:14 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Program Files\Antivirus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 181.88 Mb Available Physical Memory | 37.93% Memory free
1.10 Gb Paging File | 0.77 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.89 Gb Total Space | 8.43 Gb Free Space | 7.81% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 0.75 Gb Free Space | 19.39% Space Free | Partition Type: FAT32
Drive E: | 672.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 63.45 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: YOUR-N3TY7ATHD5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/28 10:08:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgwdsvc.exe
PRC - [2009/07/28 10:09:49 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgfws8.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/04 17:22:18 | 00,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2006/05/22 19:48:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/07/28 10:11:52 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgemc.exe
PRC - [2009/07/28 10:11:26 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgam.exe
PRC - [2009/07/28 10:12:49 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgrsx.exe
PRC - [2009/07/28 10:12:43 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgcsrvx.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2002/07/31 20:28:38 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ps2.exe
PRC - [2004/09/07 13:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/12/14 09:07:44 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2004/09/13 16:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/09/17 17:59:24 | 02,022,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgtray.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/07/28 10:12:15 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgnsx.exe
PRC - [2009/09/23 12:57:58 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Program Files\Antivirus\OTLreal.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/28 10:11:52 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/28 10:08:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/28 10:09:49 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Antivirus\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/01 12:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - File not found -- -- (iPod Service [On_Demand | Stopped])
SRV - [2008/08/04 17:22:18 | 00,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - File not found -- -- (msCMTSrvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/12/12 03:00:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/05/22 19:48:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009/04/25 19:08:45 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
DRV - [2009/04/25 19:08:45 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
DRV - [2009/07/28 10:12:45 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/28 10:12:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/25 19:08:30 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/04/25 19:03:32 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2006/11/30 02:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2002/09/12 03:18:28 | 00,040,448 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2004/12/14 09:07:44 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 09:07:44 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/12/14 09:07:44 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/10/25 17:02:20 | 00,080,283 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2001/11/05 14:54:38 | 00,014,182 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\icm10blk.sys -- (icm10blk [On_Demand | Stopped])
DRV - [2001/11/05 14:54:14 | 00,420,870 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\ICM10USB.sys -- (ICM10USB [On_Demand | Stopped])
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2006/05/31 14:52:50 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2008/08/04 17:22:18 | 00,033,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\nx6000.sys -- (MSHUSBVideo [On_Demand | Stopped])
DRV - [2007/01/10 00:35:00 | 00,021,120 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2004/09/29 13:36:29 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Running])
DRV - [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/09/06 19:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2001/06/12 16:52:06 | 00,012,270 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2002/11/20 18:08:24 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2002/07/29 22:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/06/01 15:11:06 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2003/05/26 13:57:50 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/09/09 15:35:05 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/05/22 20:05:31 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/04/09 09:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/04/09 09:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/04/09 09:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2002/07/24 12:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2002/10/25 17:03:22 | 00,091,774 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Stopped])
DRV - [2002/10/25 17:03:30 | 00,071,514 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Antivirus\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118


FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/27 22:46:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/27 22:46:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Antivirus\AVG8\Firefox [2009/06/16 18:10:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\Antivirus\AVG8\Toolbar\Firefox\avg@igeared [2009/06/07 09:57:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 20:04:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/21 14:53:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 14:53:50 | 00,000,000 | ---D | M]

[2009/02/24 14:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/27 13:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/24 14:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\[email protected]
[2009/09/13 11:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions
[2009/09/13 11:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 11:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/10/16 17:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/01/21 23:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/16 15:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/12 14:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2009/09/13 11:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\staged-xpis
[2008/08/27 13:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\va5wxqlw.default\extensions\[email protected]
[2008/06/19 01:19:15 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\va5wxqlw.default\searchplugins\wikipedia-en.xml
[2009/09/13 11:29:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/21 14:53:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/21 20:51:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/22 16:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/21 14:53:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/21 14:53:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/06/21 14:53:40 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/12/01 12:01:02 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2008/09/16 21:28:48 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/16 21:28:48 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 00:12:56 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2008/09/16 21:28:48 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 18:12:33 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/16 21:28:48 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/16 21:28:48 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/16 21:28:48 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Antivirus\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Antivirus\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\Antivirus\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Antivirus\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\Antivirus\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\Antivirus\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WCOLOREAL] C:\Program Files\Coloreal\coloreal.exe ()
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Antivirus\Spybot - Search & Destroy\SDHelper.dll File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} http://download1.ans...nswersSetup.cab (Reg Error: Key error.)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload....Plugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148117032980 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1197435975074 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\Antivirus\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/24 07:07:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/10/21 13:20:20 | 00,000,030 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c41315e-e7d1-11da-bb71-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3c41315e-e7d1-11da-bb71-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c41315e-e7d1-11da-bb71-806d6172696f}\Shell\AutoRun\command - "" = E:\BookOnCD.exe -- [2008/11/17 15:08:16 | 08,229,525 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/23 12:56:34 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/22 16:22:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/22 15:47:17 | 00,000,199 | ---- | C] () -- C:\Boot.bak
[2009/09/22 15:47:11 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/22 15:47:07 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/22 15:43:10 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/22 15:43:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/22 15:43:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/22 15:43:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/22 15:43:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/22 15:43:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/22 15:43:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/22 15:43:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/22 00:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/22 00:18:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/21 19:23:42 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/20 22:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/09/20 18:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/09/20 18:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/09/18 16:18:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/09/18 15:42:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/18 15:39:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/15 23:41:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
[2009/09/15 00:41:06 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/15 00:41:05 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/09 13:06:27 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 15:41:29 | 00,135,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Rotary Board Minutes CVCS 8-11-09.doc
[2009/09/07 13:40:54 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AGENDA for CVCS Rotary Club Board Meeting September, 2009..doc
[2009/09/07 13:12:36 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Finance Committee Meeting Agenda September 2009.doc
[2009/09/06 21:45:49 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MTC-savedfolder.dat
[2009/09/03 07:16:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2009/09/01 16:34:06 | 00,022,912 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2009/09/01 16:34:06 | 00,021,248 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2009/09/01 16:34:06 | 00,012,672 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2009/09/01 16:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/09/01 16:05:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\bitpim
[2009/04/20 09:46:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/01/07 03:19:24 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/07 03:19:19 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/07 03:19:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/01/07 03:19:18 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/07 03:19:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/07 03:19:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/31 15:30:08 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/04/10 20:37:19 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2008/04/10 20:37:19 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2008/04/10 20:37:19 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2008/04/10 20:37:18 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2008/04/10 20:37:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2008/04/10 20:37:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2008/04/10 20:37:17 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2008/04/10 20:37:17 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2008/04/10 20:37:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2008/04/10 20:37:16 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2008/04/10 20:37:16 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2008/04/10 20:37:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2008/04/10 20:37:15 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2008/04/10 20:37:15 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2008/04/10 20:37:15 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2008/04/10 20:37:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2008/04/10 20:37:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2008/04/10 20:37:15 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2008/04/10 20:37:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2008/04/10 20:37:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2008/04/10 20:37:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2008/02/17 18:47:02 | 00,000,372 | ---- | C] () -- C:\WINDOWS\DAYTONAU.INI
[2007/10/31 11:47:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/09 15:35:05 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/05/28 17:57:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/03/11 13:56:23 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2007/03/11 13:56:23 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2006/09/11 23:36:16 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/04 08:21:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/24 19:45:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/23 19:21:13 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/23 19:21:13 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/01/25 03:43:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/24 08:36:27 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\IntroReg.dll
[2003/01/24 08:36:25 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/24 08:36:24 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/24 08:18:55 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/24 08:18:40 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/24 07:52:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/24 07:41:30 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/01/24 07:30:21 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/24 07:30:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/24 07:29:52 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/24 07:11:36 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/24 05:55:28 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/24 05:55:07 | 00,001,385 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/01/24 05:55:04 | 00,000,367 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/31 23:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 12:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Files - Modified Within 30 Days ==========

[2009/09/23 12:48:56 | 41,700,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/23 12:36:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/23 12:30:47 | 00,000,367 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/23 11:47:38 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 11:47:23 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/09/23 11:46:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/23 11:46:08 | 50,284,5440 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/22 16:12:15 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/22 15:47:17 | 00,000,270 | RHS- | M] () -- C:\boot.ini
[2009/09/22 12:23:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/09/21 23:53:16 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/21 17:36:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/09/19 22:18:24 | 04,265,156 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/18 20:00:27 | 00,000,026 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stinger.opt
[2009/09/15 00:41:06 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/15 00:41:05 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 22:26:47 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/09/10 18:28:05 | 00,001,385 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/10 18:28:05 | 00,000,199 | ---- | M] () -- C:\Boot.bak
[2009/09/10 15:49:00 | 00,047,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/09 20:18:20 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 15:58:49 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AGENDA for CVCS Rotary Club Board Meeting September, 2009..doc
[2009/09/07 15:41:30 | 00,135,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Rotary Board Minutes CVCS 8-11-09.doc
[2009/09/07 13:12:37 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Finance Committee Meeting Agenda September 2009.doc
[2009/09/06 21:45:52 | 00,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\MTC-savedfolder.dat
[2009/08/28 14:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7B65412
< End of report >

[heated]

OTL Extras logfile created on: 9/23/2009 1:03:14 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Program Files\Antivirus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 181.88 Mb Available Physical Memory | 37.93% Memory free
1.10 Gb Paging File | 0.77 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.89 Gb Total Space | 8.43 Gb Free Space | 7.81% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 0.75 Gb Free Space | 19.39% Space Free | Partition Type: FAT32
Drive E: | 672.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 63.45 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: YOUR-N3TY7ATHD5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Antivirus\AVG8\avgupd.exe" = C:\Program Files\Antivirus\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Antivirus\AVG8\avgemc.exe" = C:\Program Files\Antivirus\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Antivirus\AVG8\avgnsx.exe" = C:\Program Files\Antivirus\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"H:\Stream 2 Phone\Orb\bin\Orb.exe" = H:\Stream 2 Phone\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"H:\Stream 2 Phone\Orb\bin\OrbTray.exe" = H:\Stream 2 Phone\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"H:\Stream 2 Phone\Orb\bin\OrbStreamerClient.exe" = H:\Stream 2 Phone\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"H:\Stream 2 Phone\Orb\bin\xmltv.exe" = H:\Stream 2 Phone\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27565B66-EC6D-48A9-A1C3-8886A849995F}" = Space Rocks
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B4B4104-7AC7-4950-8BF2-6BB5E3E61CA7}" = Men In Black II CROSSFIRE Trial Version
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{31403AA7-7357-43E1-9B46-4B45847C37D5}" = Blasterball Wild
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33A16A26-1533-4016-AE2D-89D6398D7EB2}" = Blackhawk Striker
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350CC34B-2B8E-4EE5-AE4D-F04FDF37DC39}" = Blasterball 2
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5E25C7-D999-4AB6-BE8C-532FD5B79D6A}" = Betty Bad
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4E5B5975-1138-4B20-A53F-30704B135B5C}" = Pig Pen
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{67D9A48A-81E9-4863-8B55-744BAEA180E2}" = Disney's Lilo and Stitch Pinball
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80E21EE8-007B-4C28-ADB2-5110B4401E2E}" = Snowboard Extreme
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{865917D2-33F4-4223-BDCD-C7DA958C216C}" = Dark Orbit
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver Software
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.7.15
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}" = Coloreal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EEDAA297-DFDF-436A-B977-D95EA63C907D}" = Virtual Warfare
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090722
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AVG8Uninstall" = AVG 8.5
"BootDreams" = BootDreams
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CompuServe us" = CompuServe
"Daytona USA" = Daytona USA Killer
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Error Repair Professional_is1" = Error Repair Professional 3.7
"ExpressBurn" = Express Burn
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Hospital" = Theme Hospital
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"iDump" = iDump Build: 22
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Java Media Framework 2.1.1c" = Java Media Framework 2.1.1c
"Java Web Start" = Java Web Start
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LimeWire" = LimeWire PRO 5.0.11
"Media Studio for iPod® and iPhone®" = Media Studio for iPod® and iPhone® 3.5 demo
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MixPad" = MixPad
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Orb" = Orb
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"Privoxy" = Privoxy 3.0.6
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Recordpad" = RecordPad Sound Recorder
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Soulseek2" = SoulSeek 157 NS 13
"StorageSync" = StorageSync Backup Software
"Switch" = Switch Sound File Converter
"Tor" = Tor 0.1.2.19
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"vgif" = NSIS vgif
"Vidalia" = Vidalia 0.0.16
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WavePad" = WavePad Uninstall
"WildTangent CDA" = WildTangent Web Driver
"WildTangentDDC" = WildTangent Channel Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Essentials" = Yahoo! Essentials
"Yahoo! Login" = Yahoo! Login
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >