I have also had a window open up on start-up for quite a long time with no apparent ill effects...it opens a folder called "COMMON." You can see this on the MBAM log and I am pretty sure this is a lingering effect from a trojan as well.
I followed all the steps listed on the Cleaning Guide...below are my logs:
Malwarebytes' Anti-Malware 1.41
Database version: 3158
Windows 5.1.2600 Service Pack 3
11/12/2009 10:10:54 PM
mbam-log-2009-11-12 (22-10-54).txt
Scan type: Quick Scan
Objects scanned: 103355
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{231fee8d-a439-4712-ae52-3f12132fe773} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd592dbf-7138-4805-a93b-b9491b6e53fc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 23:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9768B000 Size: 204800 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x93559000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==
OTL logfile created on: 11/12/2009 11:53:44 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Michael XXXXXXX\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.34% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 37.27 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MD
Current User Name: Michael XXXXXXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/12 23:51:26 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael XXXXXXX\My Documents\Downloads\OTL.exe
PRC - [2009/10/19 11:40:52 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 10:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/09/02 11:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/09/02 11:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/08/19 11:13:54 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/07 13:19:28 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/01/07 00:09:25 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
PRC - [2006/01/07 00:09:24 | 00,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
========== Modules (SafeList) ==========
MOD - [2009/11/12 23:51:26 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael XXXXXXX\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006/09/07 13:18:58 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/11 14:56:02 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
========== Win32 Services (SafeList) ==========
SRV - [2009/10/19 11:40:52 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/12/01 14:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/08/19 11:13:54 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/12/15 10:48:28 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/12/15 10:47:16 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/15 10:45:08 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/12/12 22:17:36 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/12/12 22:17:10 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/12/05 10:56:44 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/11 17:07:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 12:39:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/14 18:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 17:35:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 17:35:39 | 00,000,000 | ---D | M]
[2008/10/09 16:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Mozilla\Extensions
[2008/10/09 16:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 21:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Mozilla\Firefox\Profiles\5edber20.default\extensions
[2009/07/13 16:16:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Mozilla\Firefox\Profiles\5edber20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 21:57:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 17:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/14 18:52:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/23 17:17:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/17 23:08:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/11/07 17:35:35 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 17:35:35 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/05/21 10:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/07/07 13:44:37 | 00,527,872 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006/07/07 13:44:20 | 00,086,016 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/07 17:35:36 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/10/13 06:02:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/10/13 06:02:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/10/13 06:02:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/10/13 06:02:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/10/13 06:02:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/10/13 06:02:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/10/13 06:02:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/07 18:56:49 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/07 18:56:49 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/07 18:56:49 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/07 18:56:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/07 18:56:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/07 18:56:49 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/07 18:56:49 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\Michael XXXXXXX\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/27 15:07:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b3f90a89-8f32-11dd-b880-000cf1cc6ed4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3f90a89-8f32-11dd-b880-000cf1cc6ed4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3f90a89-8f32-11dd-b880-000cf1cc6ed4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/27 08:01:21 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/12 21:06:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/12 21:06:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/12 21:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/12 21:04:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/03 19:35:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\MathematicaPlayer
[2009/11/03 19:35:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\MathematicaPlayer
[2009/11/03 19:35:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MathematicaPlayer
[2009/11/03 19:34:22 | 00,378,152 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i3.dll
[2009/11/03 19:34:22 | 00,349,480 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcpip32.mlp
[2009/11/03 19:34:22 | 00,267,560 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i2.dll
[2009/11/03 19:34:22 | 00,259,368 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i1.dll
[2009/11/03 19:34:22 | 00,185,640 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmodule32.dll
[2009/11/03 19:34:22 | 00,107,816 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcp32.mlp
[2009/11/03 19:34:22 | 00,103,720 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlshm32.mlp
[2009/11/03 19:34:22 | 00,095,528 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmap32.mlp
[2009/11/03 19:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2009/11/01 12:10:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael XXXXXXX\My Documents\Recommendations
[2006/11/23 14:06:02 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2006/08/11 14:56:28 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 14 Days ==========
[2009/11/12 23:40:01 | 00,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3708737157-1115945463-1137599433-1005UA.job
[2009/11/12 22:24:33 | 00,000,275 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/12 22:23:49 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\ntuser.dat
[2009/11/12 22:22:59 | 00,000,301 | ---- | M] () -- C:\WINDOWS\KA.INI
[2009/11/12 22:19:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/12 22:12:51 | 00,027,209 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/12 22:12:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/12 22:12:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/12 22:12:16 | 21,465,00608 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/12 22:11:38 | 00,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/11/12 22:11:38 | 00,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/11/12 22:11:38 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/11/12 22:11:38 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/11/12 22:11:38 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/11/12 22:11:38 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/11/12 22:11:38 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/11/12 22:11:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Michael XXXXXXX\ntuser.ini
[2009/11/12 22:11:25 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2009/11/12 22:11:25 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2009/11/12 21:06:55 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/12 21:04:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\Desktop\ERUNT.lnk
[2009/11/12 20:59:05 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/12 20:59:04 | 00,000,632 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/12 20:59:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/12 18:40:01 | 00,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3708737157-1115945463-1137599433-1005Core.job
[2009/11/11 21:24:21 | 00,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 18:03:28 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\Desktop\Welcome to Webkinz® - a Ganz website.url
[2009/11/08 10:07:51 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\My Documents\CHECKLIST.doc
[2009/11/07 14:12:46 | 00,050,248 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/04 20:26:04 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 20:26:04 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 20:26:03 | 00,525,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 20:17:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/01 19:02:22 | 00,192,512 | ---- | M] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2009/11/12 21:06:55 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/12 21:04:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Desktop\ERUNT.lnk
[2009/11/11 21:41:10 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/10/20 18:01:40 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\housecall.guid.cache
[2009/08/13 18:18:44 | 00,000,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/08/12 17:16:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/01/10 00:13:22 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/06 21:52:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/07 13:08:06 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 13:08:04 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/21 16:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 16:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/12 21:19:55 | 00,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2008/02/12 18:48:52 | 00,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2007/10/24 21:20:28 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Application Data\DMX.bmk
[2007/10/24 21:09:26 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\fusioncache.dat
[2007/10/19 19:46:28 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/04 11:56:10 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/06/12 10:26:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/05/23 10:17:25 | 00,000,593 | ---- | C] () -- C:\WINDOWS\RSWAVMIX.INI
[2007/04/10 20:38:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/12 22:38:43 | 00,381,228 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\rx_image.Cache
[2007/03/12 22:22:21 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/03/12 22:09:36 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/03/12 18:20:59 | 00,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/28 22:28:23 | 00,002,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/28 20:50:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/28 17:53:35 | 00,192,512 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 17:46:02 | 00,050,248 | ---- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/28 17:44:20 | 02,231,602 | -H-- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Local Settings\Application Data\IconCache.db
[2007/02/28 17:44:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Michael XXXXXXX\Application Data\desktop.ini
[2007/02/28 10:32:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/27 16:21:36 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/02/27 16:21:36 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/02/27 16:21:36 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/02/27 10:01:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/01/03 18:25:50 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2007/01/03 18:25:50 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2007/01/02 10:09:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/12 22:02:00 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/12 22:02:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/10/17 07:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/08/11 14:57:18 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/07/07 13:41:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/07 13:40:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/05/23 12:40:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/06/16 18:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 06:00:00 | 00,000,632 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/10/02 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/01/06 22:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/14 15:22:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/09/06 20:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2007/12/05 18:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/29 17:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/01/25 09:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2008/10/13 06:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/11/15 00:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\ATI
[2008/06/17 15:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\GyroTools GO Pro
[2009/06/10 12:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\KompoZer
[2007/03/12 19:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Leadertech
[2009/07/23 17:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\OpenOffice.org
[2007/04/09 20:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Snapfish
[2009/01/18 14:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\Uniblue
[2007/07/14 14:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael XXXXXXX\Application Data\WowAceUpdater
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/15 01:42:08 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/03/01 01:00:23 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/11/12 22:12:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2003/03/19 19:00:00 | 00,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINDOWS\OemDir\iaStor.sys
[2003/03/19 19:00:00 | 00,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINDOWS\system32\drivers\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\AGP440.SYS
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >